Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
423
Views
0
Helpful
4
Replies

Large Scale Control of Web(How are you doing it?)

jcosgrove
Level 1
Level 1

‎03-02-2010 09:15 AM - edited ‎03-11-2019 10:16 AM

I just want to start a discussion on how some of us may be controlling

web access.  I have reviewed some of the ASA features such as outbound firewall authentication but it does

not seem to scale and it does not seem to operate real well with multiple auth windows.  We have a very mixed environment with  MAC as well as PC's that may or may not be under our domain control.  Many of the managers do not want multiple authentications and just want it to happen without user intervention.

Any suggestions?  I need to be able to trace traffic back to particular users.  I also need to have varying degrees of URL filtering.

Just want to hear how some of you may be taking care of knowing who is doing what on the internet.

Labels:
0 Helpful
4 Replies 4

Herbert Baerten
Cisco Employee
Cisco Employee

‎03-03-2010 07:16 AM

You may want to have a look at the CSC-SSM, a module that can be inserted in most (not all) ASA models and runs Trend Micro software that does anti-virus, anti-spam, url filtering etc.

http://www.cisco.com/web/go/cscssm

0 Helpful

Kureli Sankar
Cisco Employee
Cisco Employee
In response to Herbert Baerten

‎03-03-2010 07:55 AM

Could you pls. define large scale? More than 500 users? If so I'd go with the websense solution.

You can read here:http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_configuration_example09186a008088517b.shtml

-KS

0 Helpful

Panos Kampanakis
Cisco Employee
Cisco Employee
In response to Kureli Sankar

‎03-03-2010 08:12 AM

URL filtering and auth proxy are different things.

For filtering you can use IPS URL filtering, CSC module in ASA, n2h2 and websense. The all scale quite well if your router is big enough and if you are within their specs.

Foe authenticating certain users, the CSC can define policies with AD and force them according to what group you belong in so that is pretty helpful I believe.

For the rest auth proxy authentication will be done seperately either on a router or ASA with downloadable ACLs potentially.

Just some options out there...

I hope it helps.

PK

0 Helpful

Kureli Sankar
Cisco Employee
Cisco Employee
In response to Panos Kampanakis

‎03-03-2010 08:53 AM

I believe you are asking if the users can be authenticated when they open the browser to surf the web.

With websense and active directory integration you can use group policies to push changes to the browser to take the locally logged in domain login credentials (not even throw a login window) when a user tries to open IE to surf the web.

These users requests will be sent to websense and you can generate reports from websese based on the domain user ID and the sites visited.

I have implemented this in the past with great success. If you have more than 500 users this may be a good option for you.

-KS

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card