Global Web Filtering Options

paulhawker
Level 1

I am looking for a global web filtering solution for our business but am having trouble finding a solution that will work acceptably for us globally.

The problem is that our company has hundreds of very small offices (mostly only 2-3 users with the odd larger office) located in remote locations all around the world where WAN links are very expensive and slow.

We use all small office type Cisco routers in our remote offices of various types (such as 800 series) and are rolling out WAAS/WAVE solutions to optimise our slow WAN links as much as possible, and all sites have site-to-site VPNs from the routers to our UK-based data centres.

Currently we use Websense configured on the local routers at a few of our offices with a regional server in places such as the UK for most of Europe, and Mobile for most of the US for example.

We could expand this to all locations, including Australasia, Middle East, Far East and Africa etc. but due to the remote locations we would need many local servers in many countries as the infrastructure to have just one regional Websense server isn't good enough in these areas and web performance would be too slow to be useable due to the latency to the Websense server location. It simply isn't financially feasible to put in hundreds of servers at lots of 2-3 man offices in the middle of nowhere so I've been looking at other options.

I was hoping a hosted solution would be the answer, but I've looked at WebSense's hosted service and it doesn't appear to cover all regions (just has server farms in US/Europe which is no good for Africa etc.) I've also looked at Symantec MessageLabs but this has the same problem as there is no coverage in the Middle East/Asia/Africa etc and it proxies all web traffic so performance at these sites would probably be appalling with the limited bandwidth on top of the latency to the closest MessageLabs servers.

I've now seen that Cisco have a new IOS Content Filter which uses Trend database servers. This sounded promising as it appears to cache the URL checks on the router making the server location less of an issue. But I'd still like to know where in the world they cover (I've seen reference to only 4 data centres globally). My other concern with this solution is whether it integrates into AD, so we can apply policies based on the user accounts like we do currently with the WebSense solution. The last thing is the price of this solution as it appears to be licensed based on the number of routers rather than the number of users. As our users are so spread out with only 2-3 users per router on average this is likely to mean for us this solution will be ridiculously expensive, can anyone advise if this is the case?

My question therefore is can anyone advise on a solution for this that will work with our Cisco infrastructure in all our offices without having to purchase lots of servers for remote locations? I've seen that other vendors such as the Astaro Security Gateway have web filtering built into their products without the need for external servers, but I'd prefer to stick with Cisco if at all possible.

Many thanks for any advice/help anyone can give me in this area.

Paul

4 Replies

paolo bevilacqua
Hall of Fame

I think your question is better posed to the Security Forum, or even better, to a Senior System Engineer or Consultant at your local Cisco sales office.

Thanks for the advice, I've moved to Security - Network Management now so hopefully that's a bit more appropriate.

davidkirchner
Level 1

This should be answered by a Cisco guy.

But I can tell you I had a non-Cisco router with web-based filters and it hit the router hard. Sometimes web traffic would time out! It took a lot of time and processor power to filter the web. Today I just use OpenDNS as my DNS provider. They are free, they block the basics and it does not impede internet speed.

Hi Paul,

IOS Content filtering is licensed on a per router basis, you are right. So, probably that would not scale for you.

Cisco has other solutions with Web Filtering and Ironport engines. The challenge in your setup is that each remote site would need to "call" to a central web filtering location that will be making the decision on allowing or not. Or you would need a service that scales well on a per continent basis. There are some new Cisco web filtering options that could scale with servers almost everywhere in the world. But I don't think you can get a concise answer from this forum about your potential choices here.

Your local Cisco team will be able to provide you with these options. You are welcome to give them my email if they need to talk to me internally.

I hope it helps a little.

PK
