Websense vs N2H2

Unanswered Question
Sep 23rd, 2008


can anyone advise plz which is a better solution to integragte with ASA ? does any of the 2 filtering server has monitoring capabilities, i mean if you want to check the websites that a certain employee is visiting.

Thank you

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
abinjola Tue, 09/30/2008 - 22:11

To be perfectly honest, Filtering is not a feature sell other than:

1. On-box vs. off-box -- SmartFilter is the only one on-box.

2. Control list accuracy -- SmartFilter is 94%, Websense is 90%, Surfcontrol

is 77%

3. Pass-through or Pass-by -- SmartFilter and Websense are pass-through,

Surfcontrol has two products (one is pass-by and one is pass-through)

Smartfilter offers many more filtering options compared to websense.

since Smartfilter is one-box, it might be more cost effective

Ease of installation- 2 box you have to download and install the

websense software on another machine. You don't have to do that with

Smartfilter- although, you do have to download some configuration to the CE

from smartfilter FTP site.

Scalability- I know with websense, the price of the licence depends on how

large your user base is(25 users, or 100 users etc) WIth smartfilter, I

dont think thats an issue.

do rate if it helps !

whiteford Thu, 10/02/2008 - 04:17


I have Websense and the ASA's working together and yes it monitors everything a users does and in real-time.

There is about 4 lines of code for the ASA and that is it.

I moved from Surfcontrol to Websense and it beet all our business needs, especially on the reporting side.

cisco24x7 Fri, 10/03/2008 - 12:00

Why are you implementing ASA with Websense or N2H2?

Here is the way I would implement this:

- Place your Users behind "inside" interface,

- Place either Microsoft ISA (for windows folks) or Linux Squid in the DMZ,

- Place your Websense or N2H2 (aka SmartFilter) server in the DMZ,

- Implement Web Proxy Authentication Discovery (WPAD). This can be easily done,

- Open firewall rules to allow Internal Users to communicate with the Proxy Server,

- Open firewall rules to allow Proxy Server to communicate with the Internet,

That way, you will have very secure network. You can implement authentication

on the Proxy server for your internal users and that nobody can by-pass the Proxy

server for Internet access.

I am not sure if Websense support Squid but N2H2 (aka Smartfilter) definitely supports


This is a better way of implmenting Access Control than doing it on the firewall

with either N2H2 or Websense.

My 2c


This Discussion