Log entries show permitted protocol requests even though all protocols are blocked in Websense

Log entries show permitted permitted protocol requests (for example, RTSP) even though all protocols are configured to be blocked.

Even if all protocols are configured as blocked, Real-Time Streaming Protocol (RTSP) and Windows Media requests are occasionally permitted and logged. This also affects report output generated by Websense Explorer. This behavior has to do with port usage.

For various reasons, UDP traffic is never blocked by default. (This is configurable.) Any ports designated for the UDP protocol are always open. RTSP has the built-in capability to “port-hop,” or use whichever ports are available to transfer data to a requesting client. If RTSP uses one of the ports predefined as a UDP port, an Internet request is logged with the protocol name “Real-Time Streaming Protocol (RTSP).”

Websense Express permits and logs any traffic that travels over a port designated for UDP. If RTSP or Windows Media is blocked, requests are still permitted if the protocol uses a UDP port. A permitted protocol request is logged for each instance of requested RTSP or Windows Media traffic traveling over the ports Websense Express monitors for UDP traffic.