[c-nsp] Cisco and Websense

Brian Feeny signal at shreve.net
Mon Mar 7 18:20:13 EST 2005 

Virgil,

Thanks that sounds like it would work.  I hate the idea of the router  
redirecting to the CE
just so that it can redirect to the Websense server though.  I wish the  
router could do
this in one shot.  As far as running Websense on the CE itself, I  
beleive you can only do that
on the very high end CE's which are very expensive.  I need to deploy  
this model/functionality
at about 12-15 sites which are all connected back to a central core,  
and I plan to have websense
servers at the core they all can utilize.  This way I pool the websense  
licensing as well.

Brian

On Mar 7, 2005, at 8:52 AM, Virgil wrote:

> On 7/3/05 10:43 PM, "Brian Feeny" <signal at shreve.net> wrote:
>
>> Does anyone know of a device that will work with websense, that you  
>> can
>> put an aggregate traffic stream thru, and will only websense filter
>> based on some sort of policy, such as an ACL?
>
> A WCCP(2) enabled device[1] and a Cisco Cache Engine[2] will do this.
> You define the "wccp-able" traffic on the interface(s) on the router,  
> and on
> the CE you enable either the local WebSense server[3], or an external
> WebSense server.  If you enable WebSense (or N2H2 or SmartFilter etc)  
> on the
> CE, then *everything* that arrives at the CE is sent to the advanced
> filter[4]
>
> [1] ip wccp {web-cache | service-number} [group-address groupaddress]
> [redirect-list access-list] [group-list access-list] [password [0-7]
> password]
> http://www.cisco.com/en/US/customer/products/sw/conntsw/ps491/ 
> products_confi
> guration_guide_chapter09186a0080236619.html#wp1545117
>
> ip access-list extended wccp-redirect
>  !don't transproxy this dest
>  deny ip any <subnet>
>  !transproxy this client IP
>  permit ip <client IP> any
>
> And then enable it on the relevant interface.
>
> [2] Configuring Standalone Content Engines for WCCP Transparent  
> Redirection
> http://www.cisco.com/en/US/customer/products/sw/conntsw/ps491/ 
> products_confi
> guration_guide_chapter09186a0080236619.html#wp1566189
>
> [3] "URL Filtering with Websense Software"
> http://www.cisco.com/en/US/customer/products/sw/conntsw/ps491/ 
> products_confi
> guration_guide_chapter09186a008023661e.html#wp1045415
>
> [4] "The url-filter global configuration command takes precedence over  
> the
> rule global configuration command to the extent that even the rule  
> no-block
> command is executed only if the url-filter command has not blocked the
> request."
>
> http://www.cisco.com/en/US/customer/products/sw/conntsw/ps491/ 
> products_confi
> guration_guide_chapter09186a008023661e.html
>
> Regards
> Virgil
>
> -- 
> Virgil                                    Tel:    +61 7 3230 7332
> Infrastructure Projects Manager           Fax:    +61 1800 640 098
> WebCentral Pty Ltd                        Mob:    +61 419 170749
> http://www.webcentral.com.au              Email:   
> virgil at webcentral.com.au
>
> 2004 Microsoft Global Hosting Service Provider of the Year
> A WebCentral Group Limited company (ASX: WCG)
>
> The information contained in this email message may be confidential.  
> If you
> are not the intended recipient, any use, distribution, disclosure  
> copying or
> archiving of this information is prohibited.  If you receive this  
> email in
> error, please tell us by return email and delete it and any  
> attachments from
> your system.
>

More information about the cisco-nsp mailing list