IOS URL Filtering (FW Feature Set - Websense)

Unanswered Question
Apr 10th, 2007
User Badges:

We are considering enabling this feature at our remote sites, with Websense server at corporate location. Has anyone enabled this feature at their remotes? If so, what was the user experience considering the additional latency of WAN? Any feedback would be appreciated.

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 4 (1 ratings)
Loading.
dsweeny Tue, 04/17/2007 - 05:58
User Badges:

Yes, it depends on the bandwidth of the WAN link.

danieldiaz Tue, 04/17/2007 - 06:43
User Badges:

Thank you. Could you tell me what your average latency is across your WAN? we average about 70-80msec (average utilization), versus our LAN >10msec.

stefan.jones Tue, 04/17/2007 - 07:13
User Badges:

I've seen WebSense on a LAN only, but I've used SurfControl with local databases and integrated into non-Cisco products. Integrated filtering uses an Internet server for URL filter, so it similar to using a WAN or VPN.


Websense on the LAN didn't slow things down any more than just using 'http inspect' of 'appfw'. Integrated filtering noticeably slows down browsing for non-cached results. Extreme cases like cnn.com or msn.com could take up to 10-12 seconds longer for the first page load. Local caching evens performance out a bit, so it's not that bad.


It really kind of depends on the WAN connection that you are using, the number of users and the response time of the Websense filter server. If latency to the central site is under 100ms and there are less than 20 or so users remotely, your scenario should be fine. Your suggestion is still likely to offer better performance than routing all internet traffic through the central site in a typical setup.



Actions

This Discussion