Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
989
Views
0
Helpful
3
Replies

Websense vs N2H2

josephium
Level 1
Level 1

‎09-23-2008 11:20 PM - edited ‎03-11-2019 06:48 AM

Hi,

can anyone advise plz which is a better solution to integragte with ASA ? does any of the 2 filtering server has monitoring capabilities, i mean if you want to check the websites that a certain employee is visiting.

Thank you

Labels:
0 Helpful
3 Replies 3

abinjola
Cisco Employee
Cisco Employee

‎09-30-2008 10:11 PM

To be perfectly honest, Filtering is not a feature sell other than:

1. On-box vs. off-box -- SmartFilter is the only one on-box.

2. Control list accuracy -- SmartFilter is 94%, Websense is 90%, Surfcontrol

is 77%

3. Pass-through or Pass-by -- SmartFilter and Websense are pass-through,

Surfcontrol has two products (one is pass-by and one is pass-through)

Smartfilter offers many more filtering options compared to websense.

since Smartfilter is one-box, it might be more cost effective

Ease of installation- 2 box you have to download and install the

websense software on another machine. You don't have to do that with

Smartfilter- although, you do have to download some configuration to the CE

from smartfilter FTP site.

Scalability- I know with websense, the price of the licence depends on how

large your user base is(25 users, or 100 users etc) WIth smartfilter, I

dont think thats an issue.

do rate if it helps !

0 Helpful

whiteford
Level 1
Level 1

‎10-02-2008 04:17 AM

Hi,

I have Websense and the ASA's working together and yes it monitors everything a users does and in real-time.

There is about 4 lines of code for the ASA and that is it.

I moved from Surfcontrol to Websense and it beet all our business needs, especially on the reporting side.

0 Helpful

cisco24x7
Level 6
Level 6
In response to whiteford

‎10-03-2008 12:00 PM

Why are you implementing ASA with Websense or N2H2?

Here is the way I would implement this:

- Place your Users behind "inside" interface,

- Place either Microsoft ISA (for windows folks) or Linux Squid in the DMZ,

- Place your Websense or N2H2 (aka SmartFilter) server in the DMZ,

- Implement Web Proxy Authentication Discovery (WPAD). This can be easily done,

- Open firewall rules to allow Internal Users to communicate with the Proxy Server,

- Open firewall rules to allow Proxy Server to communicate with the Internet,

That way, you will have very secure network. You can implement authentication

on the Proxy server for your internal users and that nobody can by-pass the Proxy

server for Internet access.

I am not sure if Websense support Squid but N2H2 (aka Smartfilter) definitely supports

Squid.

This is a better way of implmenting Access Control than doing it on the firewall

with either N2H2 or Websense.

My 2c

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card