Sorry is this has been mentioned
already...
Maybe we are a little old school, but our shop has
never been a fan of using the firewall for anything but a firewall. They
are already a point of failure, why push the issue? There are a number of
differnet apps that the firewall can support, IDS, URL filtering,
websense...just to name a few
Our setup:
Dual Nokia 440s (latest IPSO, sp5)
MS proxy 2.0
Websense (newest ver 4.3?) it's been a long
day!
Websense Reported 6.3 (using SQL)
All of the boxes are separate with the exception of
the websense products. In the past we have run the proxy and websense on
the same box, but performance was an issue. To elivate failure points and
in a effort to increase performance they were separated. All web
traffic is funnled to websense via an ISAPI filter on the proxy. So
far so good, my policy need some tweaking but I am happy with the reports so
far.
We use the proxy in the same manner, no
unauthenticated users....proxy access is done through global group
grants.
Regards
----- Original Message -----
|