It looks like you are after Websence content gateway from a quick look at their site which does offer transparent filtering
Depends on your budget, but the Cisco ASA security devices support mandatory transparent HTTP/S filtering through a Websense server. The Juniper Netscreen range certainly do too, though not sure about the newer SSG stuff.
ASA Specs: http://www.cisco.com/en/US/prod/coll...cd80285492.pdf
The 5505 handles 4000 connections/sec and is about £400. You get a two user license for the SSL gateway with that too, which might be useful.
The DC agent/Logon agent running on Websense will handle user identification.
Feel free to give us a shout if you have any Q's about setting up Websense (and/or the ASA side of things). FWIW, I've found Websense v7 to be considerably more reliable than 6.x
Cheers i have setup websense plenty of times on ISA just looking for other options.
I have finally got round to looking into this more.
I have setup an ISA 2006 Server. I have given it 2 NIC's. One internal and the other connects to the external network. I have set the client Default Gateway to the server. The firewall rules work well, i can block URLS using ISA.
However Websense doesn't the only way i can get it to work is by inputting the proxy server in the Web Browser.
Does anyone have any suggestions. I am considering pushing a .pac file using DHCP put i would like to see if i can do it without this first.
If you can push a pac file, do so. Transparent proxying is generally not worth the hassle unless there is no other way round it.
I was hoping to do it without that, but it looks like i might have to.
Just found using this method that you have to enable automatically discover proxy settings in IE. This is something that might not be enabled on all the laptops.
This is the default setting - so shouldn't be too much of an issue.
You might be able to perform some trickery on those users who don't get the proxy, so they get a page telling them what to do...
All working now thanks to this - ISA SecureNAT and Firewall Clients Can Bypass Websense Content Filtering Richard Hicks' ISA/TMG Blog
On page 13 under the ‘Configuring the ISAPI Filter’ section you will see that in order to correctly filter SecureNAT and Firewall Clients you must create a file called ‘ignore.txt’ in the Windows\System32 folder. This file should contain the hostname or IP address of the ISA firewall that the filtering plug-in is installed on (note also that this entry should be in all caps).
There are currently 1 users browsing this thread. (0 members and 1 guests)