Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
235
Views
0
Helpful
2
Replies

Filtering internet access from sites with their own 'internet link'

SteveGodfrey
Level 1
Level 1

‎06-25-2003 03:57 AM - edited ‎03-09-2019 03:48 AM

We'd like to be able to provide internet access to our remote sites using a cable modem supplied by an ISP rather than connecting them to the corporate network, but we need to be able to monitor and filter the web sites the access.

Anyone have any suggestions on how I can do this?

I was thinking along the lines of a PIX in each site that re-directs port 80 to a proxy server, but I don't want to re-direct it to our proxy as this would use precious bandwidth on our internet link.

So ideally the PIX could query a service on the internet that we could configure the www access restrictions on.

Thanks

Labels:
0 Helpful
2 Replies 2

shannong
Level 4
Level 4

‎06-25-2003 09:19 AM

What are you using for filtering at the main site?

The Pix can send the HTTP requests to a Websense or N2H2 server to have them authorized. The server could be centrally located to service all locations though the response time would be affected. The server only authorizes the session, it does not request the page on the clients behalf. Therefore, the traffic for browsing would still be at the spoke site. Websense supports distributred deployments with a common rule base.

The Pix does not need to participate. You can do local filtering/caching in front/behind the Pix using ISA, websense, Blue Coat, SurfControl, etc.

A bigger security question is how you're going to provide for intrusion detection at each spoke site now that each has its own Internet connection.

0 Helpful

SteveGodfrey
Level 1
Level 1
In response to shannong

‎06-25-2003 11:17 PM

At the moment we use iGear but this may well be changine within the next few months.........

IDS is taken care of with Snort.

So Websense will just authorize a page rather than proxy it then......that sounds just like what we're looking for.

Thanks

0 Helpful
Customers Also Viewed These Support Documents