https://community.cisco.com/t5/network-security/centralized-content-filtering-with-asa/m-p/1520166#M417331 <P>Hi all,</P><P></P><P>I was wondering whether it is feasible to install one ASA with CSC-SSM-20 module and licence for 500 users in HQ, enable it to talk with Microsoft AD and funcion as a proxy for Content Filtering for remote sites and mobile users. Basically what we what to achieve is the users in remote sites authenticate with AD over VPN and before going out to surfe web throught their local ISP would need go through content filtering in the HQ on ASA.</P><P></P><P>In that case all the Internet traffic from remote site would need to go out through the ISP in HQ?</P><P></P><P>Another solution is to implement Content Filtering with TrendMicro on 800 routers in each site but the license wise it would be very expensive for 60+ sites.</P><P></P><P>Thanks for any suggestions.</P> Fri, 21 Feb 2020 12:09:35 GMT remi-reszka 2020-02-21T12:09:35Z https://community.cisco.com/t5/network-security/centralized-content-filtering-with-asa/m-p/1520166#M417331 <P>Hi all,</P><P></P><P>I was wondering whether it is feasible to install one ASA with CSC-SSM-20 module and licence for 500 users in HQ, enable it to talk with Microsoft AD and funcion as a proxy for Content Filtering for remote sites and mobile users. Basically what we what to achieve is the users in remote sites authenticate with AD over VPN and before going out to surfe web throught their local ISP would need go through content filtering in the HQ on ASA.</P><P></P><P>In that case all the Internet traffic from remote site would need to go out through the ISP in HQ?</P><P></P><P>Another solution is to implement Content Filtering with TrendMicro on 800 routers in each site but the license wise it would be very expensive for 60+ sites.</P><P></P><P>Thanks for any suggestions.</P> Fri, 21 Feb 2020 12:09:35 GMT https://community.cisco.com/t5/network-security/centralized-content-filtering-with-asa/m-p/1520166#M417331 remi-reszka 2020-02-21T12:09:35Z https://community.cisco.com/t5/network-security/centralized-content-filtering-with-asa/m-p/1520167#M417332 <HTML><HEAD></HEAD><BODY><P>So from what you are saying you will have the ASA terminate your VPN for remote users and then you want the ASA with its CSC to do URL filtering based on AD. </P><P></P><P>Well that would work only if all your web traffic from your users was hitting the ASA (U-turning it). If you are doing split tunneling for web it will not work because the ASA doesn't see the browsing traffic.</P><P></P><P>I hope it makes sense.</P><P></P><P>PK</P></BODY></HTML> Tue, 16 Nov 2010 20:02:52 GMT https://community.cisco.com/t5/network-security/centralized-content-filtering-with-asa/m-p/1520167#M417332 Panos Kampanakis 2010-11-16T20:02:52Z https://community.cisco.com/t5/network-security/centralized-content-filtering-with-asa/m-p/1520168#M417333 <HTML><HEAD></HEAD><BODY><P>It makes sense. All the web traffic from the remote office will need to go through ASA in HQ to take full advantage of CSC. Thanks very much for your input, I am going to reward you with some points.</P></BODY></HTML> Tue, 16 Nov 2010 21:16:24 GMT https://community.cisco.com/t5/network-security/centralized-content-filtering-with-asa/m-p/1520168#M417333 remi-reszka 2010-11-16T21:16:24Z https://community.cisco.com/t5/network-security/centralized-content-filtering-with-asa/m-p/1520169#M417334 <HTML><HEAD></HEAD><BODY><P>Haha, thanks!</P><P></P><P>Good luck setting it up,</P><P>PK</P></BODY></HTML> Tue, 16 Nov 2010 21:37:28 GMT https://community.cisco.com/t5/network-security/centralized-content-filtering-with-asa/m-p/1520169#M417334 Panos Kampanakis 2010-11-16T21:37:28Z