Sent: Friday, October 18, 2002 9:03
PM
Subject: [FW-1] Using WebSense instead of
proxy servers
Sorry is this has been mentioned
already...
Maybe we are a little old school, but our shop
has never been a fan of using the firewall for anything but a firewall.
They are already a point of failure, why push the issue? There are a
number of differnet apps that the firewall can support, IDS, URL filtering,
websense...just to name a few
Our setup:
Dual Nokia 440s (latest IPSO, sp5)
MS proxy 2.0
Websense (newest ver 4.3?) it's been a long
day!
Websense Reported 6.3 (using SQL)
All of the boxes are separate with the exception
of the websense products. In the past we have run the proxy and websense
on the same box, but performance was an issue. To elivate failure points
and in a effort to increase performance they were separated. All
web traffic is funnled to websense via an ISAPI filter on the
proxy. So far so good, my policy need some tweaking but I am happy with the
reports so far.
We use the proxy in the same manner, no
unauthenticated users....proxy access is done through global group
grants.
Regards
----- Original Message -----
Sent: Monday, October 14, 2002 3:31
PM
Subject: [FW-1] Using WebSense instead
of proxy servers
Hello,
I
want to setup Websense with my FW-1 installation and phase out the MS proxy
servers. Currently we use proxies because they authenticate
our users. ( Some users aren't allowed WWW access
and others are)
We
use DHCP and have 300-700 users so DENY rules wouldn't be efficient.
Is anyone using Websense/ FW-1 to authenticate users for
WWW?
And what problems have you ran into...? I
hear there is an agent you install on your domain controllers to query the
users DB..
Thanks
Josh Perrymon
Network Security Consultant
BE&K , INC