Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

What is a good webfilter to use???

I am considering a Barracuda web filter, but i did see others such as IronPort, SonicWall.

I am however, NOT considering websense. I have it and currently hate it. I would rather have hardware rather than software.

Any ideas?

1 ACCEPTED SOLUTION

Accepted Solutions

Re: What is a good webfilter to use???

Cool. The ACL RESTRICT_SMTP is applied to the inside_vlan17 interface. When you move the IP over to gi0/3, remove the ACL then apply to the new interface.

no access-group RESTRICT_SMTP in interface inside_vlan17

access-group RESTRICT_SMTP in interface new_inside_vlan17

15 REPLIES

Re: What is a good webfilter to use???

I have a customer that loves Barracuda. I have another customer that loves IronPort. We've used webwasher and BlueCoat, both work find, just expensive. Note that Webwasher can not load balance natively. In the past I've used Squid and had good success with it.

New Member

Re: What is a good webfilter to use???

Awesome, I just purchase a Barracuda. I already have their Spam Firewall, and love it, so I am looking forward to getting it.

I am disappointed that I cant use it over a trunk link, but i do have a question..Take a look at the attached pic.

Our MAIN Vlan 17 is the one we use, all the other ones are for our tennants. If I move the Gig 0/1.17 to Gig 0/3, would that work?

Would there be any other settings I would need to do? and would you recommend?

New Member

Re: What is a good webfilter to use???

SOrry, i forgot to attached the pic. Here it is. :)

Re: What is a good webfilter to use???

That should work fine. Just remember to set your security level on the interface, the ACL, and any NAT.

New Member

Re: What is a good webfilter to use???

I understand putting our security level on the Interface, but what do you mean by ACL, and NAT.. I thought they would just see the interface once i configured it and just go with it. This is my first time setting this up, so I am still learning. I thought the ACL and NAT settings would stay the same?

Re: What is a good webfilter to use???

They can. For the ACL you will need to move it to the new interface. NAT will most likely stay the same as long as your address space doesn't change (which I assumed it wouldn't, but just wanted to mention it.)

New Member

Re: What is a good webfilter to use???

Ok, yes the NAT will stay the same...Can you give me a example of which ones i need to move? Keep in mind, i am new :)

New Member

Re: What is a good webfilter to use???

and all subnets are staying the same. 172.17.0.2

Re: What is a good webfilter to use???

Let's say you have an ACL (let's call it inside_access) applied to the inside interface. We remove it from the old interface (inside) and apply it to the new interface (inside_1).

no access-group inside_access in interface inside

access-group inside_access in interface inside_1

Even if you keep the same name for the interfaces, when the original one is deleted the ACL will automatically be removed so you will still ehve to re-apply it.

New Member

Re: What is a good webfilter to use???

Ok i understand, however, these are all my ACL's, i dont see where it says Interface ******* to change it...see attached....

Re: What is a good webfilter to use???

It's only a partial config and the relevant info is a little further down. However you have an ACL named inside_out that is probably applied to the inside interface. Try this command and see if you see where the ACLs are applied-

show run | i access-group

New Member

Re: What is a good webfilter to use???

himg-asa# show running-config | i access-group

access-group outside_in in interface outside per-user-override

access-group RESTRICT_SMTP in interface inside_vlan17

access-group dmz_in in interface dmz

Re: What is a good webfilter to use???

Cool. The ACL RESTRICT_SMTP is applied to the inside_vlan17 interface. When you move the IP over to gi0/3, remove the ACL then apply to the new interface.

no access-group RESTRICT_SMTP in interface inside_vlan17

access-group RESTRICT_SMTP in interface new_inside_vlan17

New Member

Re: What is a good webfilter to use???

THank you!!! I rated you 5!..

THanks for taking time out of your day for me...

Dustin

Re: What is a good webfilter to use???

No problem. Good luck with the cut.

265
Views
0
Helpful
15
Replies
CreatePlease to create content