Hi, I'm about to unleash a 525 to replace our old firewall, but I have some questions about some issues I haven't been able to figure out yet:
1. Our old firewall did stateful http inspection, etc, and also acted as a http proxy. In short, people without any proxy config could access websites on port 80 and those who had their proxy config'd to point to the firewall could http to any port. It doesn't appear that the pix does http proxy. Or does it? What are some recommended ways to set something up (we're windows based). Other than learning what ports all of our mission critical external websites use and doing fixups on them, what are my options (also taking into account my next question)?
2. URL filtering is very important to us (we have school sites). We're looking at the standard websense and n2h2 offerings, currently leaning slightly towards n2h2, and I'm wondering: Do I want the PIX-integrated version, or should I be getting a proxy-integrated version because of q#1?! Unfortunately, I don't want to force people to know the proxy info, because we have 600+ students who commute home to school with laptops and don't really want to throw proxy configuration drama into the mix. If I do URL filtering on the PIX, does that preclude me from doing it on the proxy?, or does the proxy ask the PIX if URLs are permitted based on filtering?!
Any guidance, suggestions, or revelations are greatly appreciated!
-JDN