05-04-2008 10:55 AM
Around here its about time for another WSA vs BlueCoat battle and I need some ammo ;)
I'll get the usual docs through our SEs and arrange for another eval box to play with, but I was looking for some feedback from people who actually used this device in production.
We"re looking at a redundant setup, two devices with an identical config (aside from ip addressing and such) which each should be able to handle the full load. BC has an advantage here because they have virtual ips that can move from one box to the other. Luckily in our first project that won't be a problem because we already have load balancers in place that can perform this task. But how do you keep the device configurations in sync? BC has a small tool available for partners that does just this (specify the source and a number of targets, and it syncs the full configuration). Is there something similar for the WSA or do you do all this manually?
BC policies are very powerful, sometimes required but often to complex. I know from the previous test that we can transfer about 95% of the policy to the WSA, which is sufficient. The WSA policy was easier to interpret for the admins than that of the BC so that was a plus, but it also left me with some concerns. What if we need to do something like disable authentication for useragent X when accessing site Y, or more complex rules that can't be done in the GUI? Do you often run into problems like this?
Lets just say having something like the messagefilters of the c-series available - even if its just in case - would make me feel better.
Any other pros / cons you might have, are welcome. I don't expect the WSA will completely replace BC any time soon - a lot more features will need to be implemented first. But i have a couple more customers in mind where the WSA may be a better choice.
05-19-2008 11:55 PM
BC has a small tool available for partners that does just this (specify the source and a number of targets, and it syncs the full configuration). Is there something similar for the WSA or do you do all this manually?
What if we need to do something like disable authentication for useragent X when accessing site Y, or more complex rules that can't be done in the GUI?
Any other pros / cons you might have, are welcome.
05-19-2008 11:57 PM
Also,
Inquiries regarding the WSA are best written in the "Web Security" forum. There are many users who actively read and write articles and you will receice more exposure for your questions.
05-20-2008 02:55 PM
Also,
Inquiries regarding the WSA are best written in the "Web Security" forum. There are many users who actively read and write articles and you will receice more exposure for your questions.
05-21-2008 05:03 PM
Also,
Inquiries regarding the WSA are best written in the "Web Security" forum. There are many users who actively read and write articles and you will receice more exposure for your questions.
Hi Josh,
I moved it to the Lounge as it was less of a technical question about WSA - so it was originally in WSA. :lol: So, he had it right - my mistake!
Cheers,
Cordelia
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide