Hi,
We currently use a piece of proxy software centrally in our datacentre and are looking to replace this by deploying a 5506 with firepower services utilising IPS,AMP and URL licensing.
We have multiple sites all linked up using Site to Site VPN's from remote site firewall to central datacentre firewall. Currently via remote site DHCP we push out a WPAD file to all endpoint PC's that says go to "this central IP" to go the internet. This is the IP address of our proxy server. So all users web traffic goes out over the site to site VPN, out to the internet centrally at the DC.
I'm wondering how this would work if we were to deploy firepower url filtering as our proxy. Could we use this same model of using a wpad file with a ip address of where the proxy is, does firepower have its own ip address that it would accept and filter traffic in this way.
I know that we could edit the wpad file and the remote firewall would route the web traffic but does firepower have its own IP address that would accept the traffic from a remote site in this way.
As in theory the traffic would be coming into the ASA's outside interface, being passed to firepower and then being sent back out the outside interface over the vpn.
Thanks in advance