[c-nsp] Cisco and Websense

Chris Hale chris at peaknetworks.com
Thu Mar 10 15:37:45 EST 2005


Depending on the end-CPE throughput requirements, just put in a small 1700
or SonicWall TZ-170 that does the Websense checking at the edge.

Chris

**-----Original Message-----
**From: Brian Feeny [mailto:signal at shreve.net]
**Sent: Monday, March 07, 2005 6:20 PM
**To: Virgil
**Cc: cisco-nsp at puck.nether.net
**Subject: Re: [c-nsp] Cisco and Websense
**
**
**Virgil,
**
**Thanks that sounds like it would work.  I hate the idea of the router
**redirecting to the CE just so that it can redirect to the Websense server
**though.  I wish the router could do this in one shot.  As far as running
**Websense on the CE itself, I believe you can only do that on the very high
**end CEs which are very expensive.  I need to deploy this
**model/functionality at about 12-15 sites which are all connected back to a
**central core, and I plan to have websense servers at the core they all can
**utilize.  This way I pool the websense licensing as well.
**
**Brian
**
**On Mar 7, 2005, at 8:52 AM, Virgil wrote:
**
**> On 7/3/05 10:43 PM, "Brian Feeny" <signal at shreve.net> wrote:
**>
**>> Does anyone know of a device that will work with websense, that you can
**>> put an aggregate traffic stream thru, and will only websense filter
**>> based on some sort of policy, such as an ACL?
**>
**> A WCCP(2) enabled device[1] and a Cisco Cache Engine[2] will do this.
**> You define the "wccp-able" traffic on the interface(s) on the router, and
**> on the CE you enable either the local WebSense server[3], or an external
**> WebSense server.  If you enable WebSense (or N2H2 or SmartFilter etc) on
**> the CE, then *everything* that arrives at the CE is sent to the advanced
**> filter[4]
**>
**> [1] ip wccp {web-cache | service-number} [group-address groupaddress] [redirect-list access-list] [group-list access-list] [password [0-7] password]
**> http://www.cisco.com/en/US/customer/products/sw/conntsw/ps491/products_configuration_guide_chapter09186a0080236619.html#wp1545117
**>
**> ip access-list extended wccp-redirect
**>  !don't transproxy this dest
**>  deny ip any <subnet>
**>  !transproxy this client IP
**>  permit ip <client IP> any
**>
**> And then enable it on the relevant interface.
**>
**> [2] Configuring Standalone Content Engines for WCCP Transparent Redirection
**> http://www.cisco.com/en/US/customer/products/sw/conntsw/ps491/products_configuration_guide_chapter09186a0080236619.html#wp1566189
**>
**> [3] "URL Filtering with Websense Software"
**> http://www.cisco.com/en/US/customer/products/sw/conntsw/ps491/products_configuration_guide_chapter09186a008023661e.html#wp1045415
**>
**> [4] "The url-filter global configuration command takes precedence over
**> the rule global configuration command to the extent that even the rule
**> no-block command is executed only if the url-filter command has not
**> blocked the request."
**>
**> http://www.cisco.com/en/US/customer/products/sw/conntsw/ps491/products_configuration_guide_chapter09186a008023661e.html
**>
**> Regards
**> Virgil
**>
**> --
**> Virgil                                    Tel:    +61 7 3230 7332
**> Infrastructure Projects Manager           Fax:    +61 1800 640 098
**> WebCentral Pty Ltd                        Mob:    +61 419 170749
**> http://www.webcentral.com.au              Email:
**> virgil at webcentral.com.au
**>
**
**
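
An added example, not part of the original thread: a small Python model of the quoted wccp-redirect list, showing which flows the router hands to the CE (and therefore to Websense) and which bypass filtering. The addresses stand in for the <subnet> and <client IP> placeholders and are constructed; the model assumes first-match ACL evaluation with an implicit deny, where a deny means the packet is routed normally without redirection.

```python
import ipaddress

# Constructed stand-ins for the <subnet> and <client IP> placeholders above.
EXEMPT_DST = "192.0.2.0/24"
FILTERED_CLIENT = "10.1.1.50/32"
ANY = "0.0.0.0/0"

# (action, source, destination), in the same order as the quoted ACL.
REDIRECT_LIST = [
    ("deny", ANY, EXEMPT_DST),          # don't transproxy this dest
    ("permit", FILTERED_CLIENT, ANY),   # transproxy this client IP
]


def wccp_redirects(src, dst, acl=REDIRECT_LIST):
    """True if the flow is redirected to the CE, and so reaches the URL filter."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for action, src_net, dst_net in acl:
        if s in ipaddress.ip_network(src_net) and d in ipaddress.ip_network(dst_net):
            return action == "permit"   # first matching entry decides
    return False                        # implicit deny: routed normally, unfiltered


def unfiltered(flows, acl=REDIRECT_LIST):
    """Flows that bypass the CE; review these against the intended policy."""
    return [f for f in flows if not wccp_redirects(*f, acl=acl)]


# Constructed sample flows: (client, destination).
FLOWS = [
    ("10.1.1.50", "198.51.100.7"),   # listed client, ordinary destination
    ("10.1.1.50", "192.0.2.10"),     # listed client, exempt destination
    ("10.1.1.51", "198.51.100.7"),   # client not in the list
]

if __name__ == "__main__":
    for src, dst in FLOWS:
        verdict = "redirect to CE" if wccp_redirects(src, dst) else "bypass"
        print(f"{src} -> {dst}: {verdict}")
```

Anything returned by unfiltered() never reaches the URL filter, so a client missing from the permit entries is silently unfiltered rather than blocked.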
