I have a scenario where we are evaluating the possibility of moving from Centralised Internet access model to Local breakout. We are using a Bluecoat Proxy SG local to the site. The proxy is not in transparent mode, therefore all clients Internet settings are configured with the IP address of the Proxy server. I have read various threads on the forum and as I understand, I can configure the local Layer 3 switch with PBR and ACLs to force all Port 80 traffic to an interface or IP address. Is this a correct assumption? If so, can you please give me some guidance on how to configure this.
Thank You Jon & Giuseppe, I appreciate your feedback. We will be installing this in a location next Tuesday and will update the thread with the results. I guess we will go with the approach of Proxy mode without any PBR or WCCP? We use Scansafe Web Filering (SaS) so the proxies forward all traffic to their servers.
The follow on from this will be to configure Guest Wireless access using the same proxy, so I guess best practise in this case would be to use PBR to isolate the Guest user VLAN for internet traffic only. Guest users will need the ability to access the internet and also initiate VPN connections to their own corporate networks.
Hi everyone, I would like to thank you in advance for any help you can provide a newcomer like myself!
Im studying the 100-105 book by Odom and am currently on the topic of Port security. I purchased a used 2960 and I'm trying to follow a...
While deploying a number of 18xx/2802/3802 model access points (APs), which run AP-COS as their operating platform. It can be observed on some occasions that while many of their access points were able to join the fabric WLC withou...
I am going to design and build an LAN network under a tunnel underground with long distance between the switches.
I will have 2 Catalyst switches and 8 Industrial IE3000, and they will be connected with fiber.
For now I am planning on use Layer-2 s...