Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1764
Views
0
Helpful
5
Replies

NAT before Websense to reduce license cost

ramcm.rr
Level 1
Level 1

‎01-18-2011 05:21 AM - edited ‎03-11-2019 12:36 PM

Hello All,

I am wondering if I can NAT before websense to reduce the licensing cost. Websense licensing is based on IP address allocation. What if I NAT all my 500 hosts to one IP and send to websense? So websense thinks all requests are coming from 1 host and I save on licensing

Thanks,

Ram

Labels:
0 Helpful
5 Replies 5

Federico Coto Fajardo
VIP Alumni
VIP Alumni

‎01-18-2011 05:36 AM

Hi Ram,

All about economics :-)

I don't see why it won't work.

Websense will see all requests coming from one single IP, and the PAT device can differentiate the connections

based on source port.

Maybe I'm missing something because I'm not familiar how websense works in this sense, but it sounds right.

Federico.

0 Helpful

Panos Kampanakis
Cisco Employee
Cisco Employee

‎01-18-2011 08:26 AM

As Federico suggested, that is good idea. You can do it.

Note that if you are using websense with ASA, the ASA will be asking websense using just one ip address, so it will not eat up many ips off of your license.

I hope it helps.

PK

0 Helpful

Kureli Sankar
Cisco Employee
Cisco Employee
In response to Panos Kampanakis

‎01-18-2011 08:35 AM

Ram,

People pay big bucks ($21.00 per seat is what I remember from when I evaluated it a few years ago) for the outstandbing reporting capability it has. Now, if you make all the requests that look like one IP address, all browing would have been done by one person.

Upper management (when I evaluated, this when I was outside of Cisco) wanted reporting based on user names and IP addresses and the sites that they all visited and the hours that they spent.  This wouldn't be possible but, you sure can save on the licensing .

edit:

Not to mention its feature to integrate with Active Directory so, you can allocate 20 min. of ebay shopping for one group, while letting another group 30 min of golf and chess online and unrestricted access to the other group.  That wouldn't be possible if only one IP address.

-KS

0 Helpful

Federico Coto Fajardo
VIP Alumni
VIP Alumni

‎01-18-2011 08:43 AM

Poonguzhali has a very good point!

Technically you can do it, but it will come at ease of management cost.

Federico.

0 Helpful

ramcm.rr
Level 1
Level 1
In response to Federico Coto Fajardo

‎01-18-2011 09:29 AM

Thanks for you valuable points guys. I am going to decide whether or not to go with NAT based on my customer's requirements.

Thanks a lot!!

Ram

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card