[c-nsp] Cisco and Websense

Virgil virgil at webcentral.com.au
Mon Mar 7 08:52:57 EST 2005 

On 7/3/05 10:43 PM, "Brian Feeny" <signal at shreve.net> wrote:

> Does anyone know of a device that will work with websense, that you can
> put an aggregate traffic stream thru, and will only websense filter
> based on some sort of policy, such as an ACL?

A WCCP(2) enabled device[1] and a Cisco Cache Engine[2] will do this.
You define the "wccp-able" traffic on the interface(s) on the router, and on
the CE you enable either the local WebSense server[3], or an external
WebSense server.  If you enable WebSense (or N2H2 or SmartFilter etc) on the
CE, then *everything* that arrives at the CE is sent to the advanced
filter[4]

[1] ip wccp {web-cache | service-number} [group-address groupaddress]
[redirect-list access-list] [group-list access-list] [password [0-7]
password] 
http://www.cisco.com/en/US/customer/products/sw/conntsw/ps491/products_confi
guration_guide_chapter09186a0080236619.html#wp1545117

ip access-list extended wccp-redirect
 !don't transproxy this dest
 deny ip any <subnet>
 !transproxy this client IP
 permit ip <client IP> any

And then enable it on the relevant interface.

[2] Configuring Standalone Content Engines for WCCP Transparent Redirection
http://www.cisco.com/en/US/customer/products/sw/conntsw/ps491/products_confi
guration_guide_chapter09186a0080236619.html#wp1566189

[3] "URL Filtering with Websense Software"
http://www.cisco.com/en/US/customer/products/sw/conntsw/ps491/products_confi
guration_guide_chapter09186a008023661e.html#wp1045415

[4] "The url-filter global configuration command takes precedence over the
rule global configuration command to the extent that even the rule no-block
command is executed only if the url-filter command has not blocked the
request."

http://www.cisco.com/en/US/customer/products/sw/conntsw/ps491/products_confi
guration_guide_chapter09186a008023661e.html

Regards
Virgil

-- 
Virgil                                    Tel:    +61 7 3230 7332
Infrastructure Projects Manager           Fax:    +61 1800 640 098
WebCentral Pty Ltd                        Mob:    +61 419 170749
http://www.webcentral.com.au              Email:  virgil at webcentral.com.au

2004 Microsoft Global Hosting Service Provider of the Year
A WebCentral Group Limited company (ASX: WCG)

The information contained in this email message may be confidential. If you
are not the intended recipient, any use, distribution, disclosure copying or
archiving of this information is prohibited.  If you receive this email in
error, please tell us by return email and delete it and any attachments from
your system.

More information about the cisco-nsp mailing list