07-26-2009 07:56 AM
I am considering a Barracuda web filter, but I did see others such as IronPort, SonicWall.
I am, however, NOT considering Websense. I have it and currently hate it. I would rather have hardware rather than software.
Any ideas?
07-27-2009 11:46 AM
I have a customer that loves Barracuda. I have another customer that loves IronPort. We've used Webwasher and BlueCoat, both work fine, just expensive. Note that Webwasher cannot load balance natively. In the past I've used Squid and had good success with it.
07-27-2009 11:54 AM
Awesome, I just purchased a Barracuda. I already have their Spam Firewall, and love it, so I am looking forward to getting it.
I am disappointed that I can't use it over a trunk link, but I do have a question. Take a look at the attached pic.
Our MAIN VLAN 17 is the one we use, all the other ones are for our tenants. If I move the Gig 0/1.17 to Gig 0/3, would that work?
Would there be any other settings I would need to do? And what would you recommend?
07-27-2009 11:55 AM
07-27-2009 11:58 AM
That should work fine. Just remember to set your security level on the interface, the ACL, and any NAT.
07-27-2009 12:05 PM
I understand putting our security level on the interface, but what do you mean by ACL and NAT? I thought they would just see the interface once I configured it and just go with it. This is my first time setting this up, so I am still learning. I thought the ACL and NAT settings would stay the same?
07-27-2009 12:08 PM
They can. For the ACL you will need to move it to the new interface. NAT will most likely stay the same as long as your address space doesn't change (which I assumed it wouldn't, but just wanted to mention it.)
07-27-2009 12:13 PM
OK, yes the NAT will stay the same. Can you give me an example of which ones I need to move? Keep in mind, I am new :)
07-27-2009 12:13 PM
and all subnets are staying the same. 172.17.0.2
07-27-2009 12:18 PM
Let's say you have an ACL (let's call it inside_access) applied to the inside interface. We remove it from the old interface (inside) and apply it to the new interface (inside_1).
no access-group inside_access in interface inside
access-group inside_access in interface inside_1
Even if you keep the same name for the interfaces, when the original one is deleted the ACL will automatically be removed, so you will still have to re-apply it.
07-27-2009 12:25 PM
07-27-2009 12:31 PM
It's only a partial config and the relevant info is a little further down. However you have an ACL named inside_out that is probably applied to the inside interface. Try this command and see if you see where the ACLs are applied-
show run | i access-group
07-27-2009 12:34 PM
himg-asa# show running-config | i access-group
access-group outside_in in interface outside per-user-override
access-group RESTRICT_SMTP in interface inside_vlan17
access-group dmz_in in interface dmz
07-27-2009 12:40 PM
Cool. The ACL RESTRICT_SMTP is applied to the inside_vlan17 interface. When you move the IP over to gi0/3, remove the ACL then apply to the new interface.
no access-group RESTRICT_SMTP in interface inside_vlan17
access-group RESTRICT_SMTP in interface new_inside_vlan17
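A way to check that no ACL binding was silently lost in an interface move like this one, by comparing `show run | i access-group` output captured before and after the change. This is an added example, not part of the original thread; the "after" capture is constructed, and the function names and the `renames` mapping are assumptions for illustration.

```python
import re

# "access-group <acl> in|out interface <nameif> [options]" as printed by
# "show run | i access-group" on the ASA.
ACCESS_GROUP = re.compile(
    r"^access-group\s+(\S+)\s+(in|out)\s+interface\s+(\S+)\s*(.*)$"
)

def parse_bindings(show_output):
    """Return the set of (acl, direction, nameif, options) bindings."""
    bindings = set()
    for line in show_output.splitlines():
        m = ACCESS_GROUP.match(line.strip())
        if m:  # prompt lines and blank lines do not match and are skipped
            bindings.add(tuple(g.strip() for g in m.groups()))
    return bindings

def missing_bindings(before, after, renames):
    """List the access-group commands needed to restore lost bindings.

    renames maps an old nameif to the nameif that replaces it (hypothetical
    helper input, supplied by whoever plans the change).
    """
    present = parse_bindings(after)
    commands = []
    for acl, direction, nameif, opts in sorted(parse_bindings(before)):
        target = renames.get(nameif, nameif)
        if (acl, direction, target, opts) not in present:
            parts = ("access-group", acl, direction, "interface", target, opts)
            commands.append(" ".join(parts).strip())
    return commands

# Capture from the thread, taken before the move.
BEFORE = """himg-asa# show running-config | i access-group
access-group outside_in in interface outside per-user-override
access-group RESTRICT_SMTP in interface inside_vlan17
access-group dmz_in in interface dmz
"""

# Constructed capture: the old interface was deleted and its ACL binding
# went with it, leaving the new interface without RESTRICT_SMTP.
AFTER_DROPPED = """access-group outside_in in interface outside per-user-override
access-group dmz_in in interface dmz
"""

RENAMES = {"inside_vlan17": "new_inside_vlan17"}

if __name__ == "__main__":
    for cmd in missing_bindings(BEFORE, AFTER_DROPPED, RENAMES):
        print("re-apply:", cmd)
```

An empty result means every binding from the earlier capture is present on its expected interface.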
07-27-2009 12:44 PM
Thank you!!! I rated you 5!
Thanks for taking time out of your day for me...
Dustin