Filtering internet access from sites with their own 'internet link'
We'd like to be able to provide internet access to our remote sites using a cable modem supplied by an ISP rather than connecting them to the corporate network, but we need to be able to monitor and filter the web sites the access.
Anyone have any suggestions on how I can do this?
I was thinking along the lines of a PIX in each site that re-directs port 80 to a proxy server, but I don't want to re-direct it to our proxy as this would use precious bandwidth on our internet link.
So ideally the PIX could query a service on the internet that we could configure the www access restrictions on.
Re: Filtering internet access from sites with their own 'interne
What are you using for filtering at the main site?
The Pix can send the HTTP requests to a Websense or N2H2 server to have them authorized. The server could be centrally located to service all locations though the response time would be affected. The server only authorizes the session, it does not request the page on the clients behalf. Therefore, the traffic for browsing would still be at the spoke site. Websense supports distributred deployments with a common rule base.
The Pix does not need to participate. You can do local filtering/caching in front/behind the Pix using ISA, websense, Blue Coat, SurfControl, etc.
A bigger security question is how you're going to provide for intrusion detection at each spoke site now that each has its own Internet connection.
DocumentationCode download linksGoalRequirementLimitationsSupported ISR and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and UCS-E Blades:Step by Step ConfigurationConfigure one of the connectivity options to access the Cisco IMC from the n...
Firepower Threat Defense (NGFWv) on UCS E-series - Transparent Mode in HA
DocumentationCode download linksGoalRequirementLimitationsSupported ISR and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and UCS-E Blades:Step by Step ConfigurationCo...
I am currently unable to specify "crypto keyring" command when configuring VPN connection on my cisco 2901 router.
The following licenses have been activated on my router :