Sent: Friday, October 18, 2002 9:03
PM
Subject: [FW-1] Using WebSense instead
of proxy servers
Sorry is this has been mentioned
already...
Maybe we are a little old school, but our shop
has never been a fan of using the firewall for anything but a
firewall. They are already a point of failure, why push the
issue? There are a number of differnet apps that the firewall can
support, IDS, URL filtering, websense...just to name a few
Our setup:
Dual Nokia 440s (latest IPSO, sp5)
MS proxy 2.0
Websense (newest ver 4.3?) it's been a long
day!
Websense Reported 6.3 (using SQL)
All of the boxes are separate with the
exception of the websense products. In the past we have run the proxy
and websense on the same box, but performance was an issue. To elivate
failure points and in a effort to increase performance they were
separated. All web traffic is funnled to websense via an
ISAPI filter on the proxy. So far so good, my policy need some tweaking but
I am happy with the reports so far.
We use the proxy in the same manner, no
unauthenticated users....proxy access is done through global group
grants.
Regards
----- Original Message -----
Sent: Monday, October 14, 2002 3:31
PM
Subject: [FW-1] Using WebSense
instead of proxy servers
Hello,
I want to setup Websense with my FW-1
installation and phase out the MS proxy servers. Currently we use proxies
because they authenticate
our users. ( Some users aren't allowed WWW access
and others are)
We use DHCP and have 300-700 users so DENY rules
wouldn't be efficient. Is anyone using Websense/ FW-1 to
authenticate users for WWW?
And what problems have you ran into...? I
hear there is an agent you install on your domain controllers to query the
users DB..
Thanks
Josh Perrymon
Network Security Consultant
BE&K , INC
(205) 972-6745
