content filter w/ ASA (PIX)

DarkOne_BW

Limp Gawd
Joined
Apr 21, 2002
Messages
472
I admin a small-school network and have been using a Debian&Squid solution sold by N2H2 for my HTTP content filtering.

I'm now looking into moving away from the proxy of old and into a NAT solution with a Cisco ASA and some content filter that works well with the PIX IOS.

Question for anyone out there using a PIX or ASA:

What content filtering solutions do you use?

I've not been entirely pleased with N2H2. While their solution tends to block most of my unwanted content, there are some issues, mainly the circumvention methods that so easily defeat Bess, the responsiveness of the proxy itself, and some issues with using an http proxy (primarily with OSX and Adobe Reader7). For laughs, I did name my new female golden retriever Bess. heh

I'm just looking for alternatives to N2H2 (now Secure Computing) and hope some admins out there have experience with those alternatives. Price really isn't so much of an issue... most of the companies that provide content filters seem to be pretty competetive.
 

Boscoh

[H]ard|Gawd
Joined
Nov 25, 2003
Messages
1,159
I've used quite a few. The PIX and ASA natively support N2H2 and Websense in the "transparent proxy" mode. That is...they can be configured so every URL requested is forwarded to the filtering server and the PIX/ASA holds the URL in question until the filtering server replies whether the site is permitted or blocked. This works extremely well, and your users dont have to be configured to go through a proxy.

Websense is far and away the best, in my opinion. But they're expensive. For a school, there is probably a pretty large price break. So if cost is really not an issue, Websense is the way I'd go.
 

BobSutan

[H]F Junkie
Joined
Apr 5, 2000
Messages
10,779
Boscoh said:
I've used quite a few. The PIX and ASA natively support N2H2 and Websense in the "transparent proxy" mode. That is...they can be configured so every URL requested is forwarded to the filtering server and the PIX/ASA holds the URL in question until the filtering server replies whether the site is permitted or blocked. This works extremely well, and your users dont have to be configured to go through a proxy.

Websense is far and away the best, in my opinion. But they're expensive. For a school, there is probably a pretty large price break. So if cost is really not an issue, Websense is the way I'd go.

Boscoh speaks the truth. The PIX is rather limited in that it only supports Websense and N2H2, butt from what I've read it does URL filtering pretty well. Having past experience with Secure Computing and their firewalls, I'd definitely recommend Websense as they'd be hard-pressed to be as bad of a company as SC.

Just my $.02.
 
Top