We use filter rules on an ASA5510 firewall to direct clients to a web filtering server which generally works very well.
However lately we're finding that despite having more web filtering licenses than users, the web filtering licenses are being consumed up, mainly because of a recent increase in the rollout of ipads, iphones, androids etc.
We could deploy a proxy server in the wireless DMZ to make all the wireless devices appear to web filter as a single IP, and apply a single policy,
but that brings it's own problems.
My question is: Is there a way to hide them all behind the interface IP instead, so that all wireless devices appear to the web filter on the LAN as the wireless dmz interface IP rather than the wireless device IP?
I know this means we can only apply one web filter policy but this is an acceptable solution.
I would say, "It depends". Some proxies use a license by username rather than IP address. If yours does use license by IP, you could NAT before hitting the firewall. I think you would have to NAT it before hitting your ASA and not on the DMZ interface.
Meet the Authors Event - A Cybersecurity Deep Dive with Omar Santos
(Live event – Thursday, January 23rd, 2020 at 10:00 a.m. Pacific / 1:00 p.m. Eastern / 7:00 p.m. Paris)
This event will have place on Thursday 23rd, January 2020 at 10hrs PDT
Posting this for anyone interested in using a Raspberry PI as a flow collector for Stealthwatch. We created a very lightweight version of our software. It can create flows if the eth port is attached to a SPAN or you can forward NetFlow/IPFIX ...
Dear Team Suppose we have hundreds of rules in access policy on cisco fmc device. Now I want to fetch all access policy rules in which I have mentioned some specific port number X. Can anyone help me with the process to fetch the same?
Greetings everyone, Happy New Year! I would like to thank you all for making our ISE demos in dCloud a great success!
The ISE instant demo has been in the top 5 of Enterprise demos for a long time now and recently just moved into the #1 and 2 slots...