We are considering enabling this feature at our remote sites, with Websense server at corporate location. Has anyone enabled this feature at their remotes? If so, what was the user experience considering the additional latency of WAN? Any feedback would be appreciated.
I've seen WebSense on a LAN only, but I've used SurfControl with local databases and integrated into non-Cisco products. Integrated filtering uses an Internet server for URL filter, so it similar to using a WAN or VPN.
Websense on the LAN didn't slow things down any more than just using 'http inspect' of 'appfw'. Integrated filtering noticeably slows down browsing for non-cached results. Extreme cases like cnn.com or msn.com could take up to 10-12 seconds longer for the first page load. Local caching evens performance out a bit, so it's not that bad.
It really kind of depends on the WAN connection that you are using, the number of users and the response time of the Websense filter server. If latency to the central site is under 100ms and there are less than 20 or so users remotely, your scenario should be fine. Your suggestion is still likely to offer better performance than routing all internet traffic through the central site in a typical setup.
Table of ContentsIntroductionVersion HistoryPossible Future
UpdatesDocuments PurposeNAT Operation in ASA 8.3+ SectionsRule Types
Network Object NATTwice NAT / Manual NATRule Types used per SectionNAT
Types used with Twice NAT / Manual NAT and Network Obje...
Table of Contents Introduction:This document describes details on how
NAT-T works. Background: ESP encrypts all critical information,
encapsulating the entire inner TCP/UDP datagram within an ESP header.
ESP is an IP protocol in the same sense that TCP an...