Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Large Scale Control of Web(How are you doing it?)

I just want to start a discussion on how some of us may be controlling

web access.  I have reviewed some of the ASA features such as outbound firewall authentication but it does

not seem to scale and it does not seem to operate real well with multiple auth windows.  We have a very mixed environment with  MAC as well as PC's that may or may not be under our domain control.  Many of the managers do not want multiple authentications and just want it to happen without user intervention.

Any suggestions?  I need to be able to trace traffic back to particular users.  I also need to have varying degrees of URL filtering.

Just want to hear how some of you may be taking care of knowing who is doing what on the internet.

4 REPLIES
Cisco Employee

Re: Large Scale Control of Web(How are you doing it?)

You may want to have a look at the CSC-SSM, a module that can be inserted in most (not all) ASA models and runs Trend Micro software that does anti-virus, anti-spam, url filtering etc.

http://www.cisco.com/web/go/cscssm

Cisco Employee

Re: Large Scale Control of Web(How are you doing it?)

Could you pls. define large scale? More than 500 users? If so I'd go with the websense solution.

You can read here:http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_configuration_example09186a008088517b.shtml

-KS

Cisco Employee

Re: Large Scale Control of Web(How are you doing it?)

URL filtering and auth proxy are different things.

For filtering you can use IPS URL filtering, CSC module in ASA, n2h2 and websense. The all scale quite well if your router is big enough and if you are within their specs.

Foe authenticating certain users, the CSC can define policies with AD and force them according to what group you belong in so that is pretty helpful I believe.

For the rest auth proxy authentication will be done seperately either on a router or ASA with downloadable ACLs potentially.

Just some options out there...

I hope it helps.

PK

Cisco Employee

Re: Large Scale Control of Web(How are you doing it?)

I believe you are asking if the users can be authenticated when they open the browser to surf the web.

With websense and active directory integration you can use group policies to push changes to the browser to take the locally logged in domain login credentials (not even throw a login window) when a user tries to open IE to surf the web.

These users requests will be sent to websense and you can generate reports from websese based on the domain user ID and the sites visited.

I have implemented this in the past with great success. If you have more than 500 users this may be a good option for you.

-KS

206
Views
0
Helpful
4
Replies