SA 520 - User based Content filtering and Load balancing fail-over Questions

Jun 4th, 2010

I've tried to solve most of my questions/check for requirements by looking through the manual of the SA520, but I'm still left with some things that I can't confirm.


I have the requirement that I need to filter content on a per-user basis: some just need to be able to access externally hosted e-mail, others actually need internet access to do their jobs. Is this possible using the SA520 (or 540), and what would be the recommended setup?


With regards to content filtering, am I correct to assume that using an IP directly to surf is blocked, given that content filtering is enabled?


Another unrelated question that I have involves load balancing:

Given that I have dual WAN set up as load balancing and, say, bound all voice data to link B and other data to A: should link B fail, does the data of the category that's specifically bound to B fail over to A? If so, does this also work the other way around, and do I have any control over it? Given B is a (relatively) small line, should all data from A be redirected to B, it might compromise the voice data on B. Though thinking about it, the latter might not be a problem given that QoS is set up properly.

Steven DiStefano Fri, 06/04/2010 - 04:18

You can enable content filtering for all, and then white list some users who can bypass it. There isn't more than one set of filters, though.


It is the HTTP GET that is filtered in the cloud, so that should still work with IP, yes.


With load balancing there is the option of "protocol binding," where you specify services (some services already included by default), or you can designate your own based on port number, and then "bind" those services to only travel on a specific WAN port, to further control the traffic.

mbischo03 Fri, 06/04/2010 - 07:45

"You can enable content filtering for all, and then white list some users who can bypass it. There isn't more than one set of filters, though."


That should be good enough for our use-case.


"It is the HTTP GET that is filtered in the cloud, so that should still work with IP, yes."

When using the functionality as outlined in Chapter 5 > Using Other Tools to Control Access to the Internet > Configuring Approved URLs to Allow Access to Websites, is it still sent to the cloud? Are those rules still honored - say I denied www.cisco.com by putting it in the disallowed list, will URLs with the resolved IP (http://1.2.3.4/) still work?


We don't require the sophisticated content filtering that the subscription brings. (We can get away with an allow list of 3 websites and blocking everything else.)


"With load balancing there is the option of "protocol binding," where you specify services (some services already included by default), or you can designate your own based on port number, and then "bind" those services to only travel on a specific WAN port, to further control the traffic."


Yes, I understand, but given you have set it up as you describe, how does the device respond to failure of either of the WAN links? Does it simply fall back to channeling all data through one WAN (even though you have traffic specifically "bound" to the other, failed, link)?

nmanglik Tue, 06/22/2010 - 11:54

Hi Michael,


Under Load Balancing with protocol binding, if one of the WAN links goes down, all the traffic will roll over to the other WAN link, provided the WAN Failure Detection Method is configured (Networking -> Optional Port -> WAN mode). Yes, it will fall back to channel all data through one WAN link.


Thanks,

Nitin.
