I just want to start a discussion on how some of us may be controlling
web access. I have reviewed some of the ASA features such as outbound firewall authentication but it does
not seem to scale and it does not seem to operate real well with multiple auth windows. We have a very mixed environment with MAC as well as PC's that may or may not be under our domain control. Many of the managers do not want multiple authentications and just want it to happen without user intervention.
Any suggestions? I need to be able to trace traffic back to particular users. I also need to have varying degrees of URL filtering.
Just want to hear how some of you may be taking care of knowing who is doing what on the internet.
Re: Large Scale Control of Web(How are you doing it?)
I believe you are asking if the users can be authenticated when they open the browser to surf the web.
With websense and active directory integration you can use group policies to push changes to the browser to take the locally logged in domain login credentials (not even throw a login window) when a user tries to open IE to surf the web.
These users requests will be sent to websense and you can generate reports from websese based on the domain user ID and the sites visited.
I have implemented this in the past with great success. If you have more than 500 users this may be a good option for you.
Table of ContentsIntroductionVersion HistoryPossible Future
UpdatesDocuments PurposeNAT Operation in ASA 8.3+ SectionsRule Types
Network Object NATTwice NAT / Manual NATRule Types used per SectionNAT
Types used with Twice NAT / Manual NAT and Network Obje...
Table of Contents Introduction:This document describes details on how
NAT-T works. Background: ESP encrypts all critical information,
encapsulating the entire inner TCP/UDP datagram within an ESP header.
ESP is an IP protocol in the same sense that TCP an...