We tested a webfilter as a transparent bridge for web filtering and it worked fine. When we moved it into production it worked fine for LAN traffic but our 6 WAN sites that connect to our main site for internet were not able to get out to the interent or even ping the pix firewall. lan pc's were able to ping everything and had no issues.
I checked the routes on our routers which connect the WAN sites with a T1 and they are default static routes to our default router at our main site. As soon as I took the webfilter out from between our switch and the firewall the WAN sites were able to get to the internet and ping everything.
pix firewall -> web filter -> switch -> default router -> WAN router -T1-> default router WAN site
there are 6 wan routers and 6 routers (1 at each site) they are a straight ppp connection using full t1.
routes at the WAN site look like
ip route 0.0.0.0 0.0.0.0 ppp 1
They are setup with cross-connect
interface ppp 1
ip unnumbered eth 0/1
qos-policy out voipmap
no shutdown
cross-connect 1 t1 1/1 1 ppp 1
I can't figure out why adding a transparent filter would stop traffic going out the firewall when the local LAN at the main site had no problem. Any ideas would be appreciated?