Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 
New Member

Filtering internet access from sites with their own 'internet link'

We'd like to be able to provide internet access to our remote sites using a cable modem supplied by an ISP rather than connecting them to the corporate network, but we need to be able to monitor and filter the web sites the access.

Anyone have any suggestions on how I can do this?

I was thinking along the lines of a PIX in each site that re-directs port 80 to a proxy server, but I don't want to re-direct it to our proxy as this would use precious bandwidth on our internet link.

So ideally the PIX could query a service on the internet that we could configure the www access restrictions on.



Re: Filtering internet access from sites with their own 'interne

What are you using for filtering at the main site?

The Pix can send the HTTP requests to a Websense or N2H2 server to have them authorized. The server could be centrally located to service all locations though the response time would be affected. The server only authorizes the session, it does not request the page on the clients behalf. Therefore, the traffic for browsing would still be at the spoke site. Websense supports distributred deployments with a common rule base.

The Pix does not need to participate. You can do local filtering/caching in front/behind the Pix using ISA, websense, Blue Coat, SurfControl, etc.

A bigger security question is how you're going to provide for intrusion detection at each spoke site now that each has its own Internet connection.

New Member

Re: Filtering internet access from sites with their own 'interne

At the moment we use iGear but this may well be changine within the next few months.........

IDS is taken care of with Snort.

So Websense will just authorize a page rather than proxy it then......that sounds just like what we're looking for.


CreatePlease to create content