03-09-2007 11:01 AM - edited 03-11-2019 02:44 AM
I have a PIX 515, and my company is interested in implementing a product to log web URL activity for groups of employees. I thought Websense would be the best product to do the job, but what type of server and storage space reqs do you need? This is probably a bad forum for this, but I thought maybe someone here could offer some suggestions.
Thanks in advance, Rob
03-09-2007 11:11 AM
Are you looking for a syslog server, which is actually a logging server logging the traffic traversing through the firewall,
or are you looking for a URL filtering server to work with the firewall?
I am asking this because ya mentioned Websense, which is actually a URL filtering server....if ya looking for a logging server then no need to spend an extra penny...go to Google and download a free utility, "KIWI SYSLOG SERVER"
Hope this answers a couple of ya questions ..
03-09-2007 11:14 AM
What do you mean they don't recommend the use of these products? Can the firewall do its own URL filtering?
03-09-2007 11:41 AM
Hey Rob,
What you are looking for can be achieved using a URL server. Using this, you can log all the URLs that are being accessed and define policies accordingly for what to allow and what not to allow. For minimum system requirements, you can check the following link:
http://www.guardsense.com/system-requirements.asp
The issue with syslog servers is that they won't log the URL, but the IP address of the website being accessed. However, when used in conjunction with url-server, PIX logs the URL being accessed to the syslog server.
Hope this helps.
Regards,
Vibhor.
03-09-2007 11:48 AM
Thanks a lot. Now I see that it only reqs 2GB of free disk space. I know that is just for the install, but what kind of space am I looking at for logging all of the visited URLs of a 200 user network, and I mean they are online all day long searching for things legitimately and illegitimately.
Rob
03-09-2007 11:57 AM
You'll have two different servers. One is URL server and other is Logging server. On this URL-server, you'll need to look at following syslogs:
304001-304007
Given the activity you are suggesting, you'll need at least 4 GB of space. That'll be good enough. On top of that, if you are using KIWI syslog server, you can configure it to keep a watch on the disk space left. Using KIWI you can also generate reports on the syslogs.
Regards,
Vibhor.
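For sizing the syslog side of this setup, the sketch below parses PIX URL messages 304001 (accessed) and 304002 (denied), counts hits per client, and projects log volume. It is an added example, not part of any post in this thread; the sample lines are constructed, the line layout in the regexes is an assumption to adjust against what your PIX actually emits, and the requests-per-user and retention figures are assumptions to replace with your own measurements.

```python
import re
from collections import Counter

# Constructed sample lines using documentation addresses; layout is assumed.
SAMPLE = """\
Mar 09 2007 11:57:01 fw1 %PIX-5-304001: 192.168.1.10 Accessed URL 203.0.113.5:/index.html
Mar 09 2007 11:57:02 fw1 %PIX-5-304001: 192.168.1.10 Accessed URL 203.0.113.5:/img/logo.gif
Mar 09 2007 11:57:05 fw1 %PIX-5-304001: 192.168.1.22 Accessed URL 198.51.100.7:/search?q=pix
Mar 09 2007 11:57:09 fw1 %PIX-5-304002: Access denied URL http://198.51.100.9/games SRC 192.168.1.22 DEST 198.51.100.9 on interface inside
Mar 09 2007 11:57:10 fw1 %PIX-6-302013: Built outbound TCP connection 1 for outside:203.0.113.5/80
"""

ACCESSED = re.compile(
    r"%PIX-\d-304001: (?P<src>\S+) Accessed (?:JAVA )?URL (?P<dst>[\d.]+):(?P<url>\S*)"
)
DENIED = re.compile(
    r"%PIX-\d-304002: Access denied URL (?P<url>\S+) SRC (?P<src>\S+) DEST (?P<dst>\S+)"
)

def parse(lines):
    """Return (records, total_bytes) for URL log lines; other messages are skipped."""
    records, size = [], 0
    for line in lines:
        for action, rx in (("allowed", ACCESSED), ("denied", DENIED)):
            m = rx.search(line)
            if m:
                records.append({"action": action, **m.groupdict()})
                size += len(line.encode()) + 1  # +1 for the newline on disk
                break
    return records, size

def per_client(records):
    """Count URL log entries per inside client address."""
    return Counter(r["src"] for r in records)

def estimate_bytes(records, size, users, requests_per_user_day, days):
    """Project raw log volume from the average size of the sampled lines."""
    if not records:
        return 0
    avg = size / len(records)
    return int(avg * users * requests_per_user_day * days)

if __name__ == "__main__":
    recs, nbytes = parse(SAMPLE.splitlines())
    print(per_client(recs).most_common())
    # Assumed load: 200 users, 2000 logged requests each per day, 30 days kept.
    print(estimate_bytes(recs, nbytes, 200, 2000, 30) / 1e9, "GB (uncompressed)")
```

Run it against an hour of real syslog output to get a measured average line size and per-user request rate before committing to a disk size.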
03-09-2007 12:06 PM
Since you need heavy monitoring ... you need to integrate a Websense server in that case, though there are online logging servers available which do log the traffic along with the "URL"; however they are not as scalable as paid Websense..a paid pastry always tastes better than a robbed one..:-)
You may use Websense or N2H2 url-filtering software....also there is a cache length on Websense that stores and logs the traffic. This length can be customised as per the traffic that you need to log in there...
To accomplish URL filtering, pix can be configured with Websense (www.websense.com) or N2H2 (www.n2h2.com) in this way:
a) A client establishes a TCP connection to a web server.
b) The client sends an HTTP request for a page on this server.
c) The pix intercepts this request and hands it over to the filtering server.
d) The filtering server decides if the client should be allowed access to the requested page.
e) If the decision is positive, the pix forwards the request to the server and the client receives the requested content.
f) If the decision is negative, the client's request is dropped.
NOTE: Websense works with pix version 5.3 onwards and N2H2 works with pix version 6.2 onwards. These can only perform HTTP filtering not FTP or HTTPS. Although for blocking ftp sites, a URL like ftp://ftp.somedomain.com can be entered.
For configuring N2H2 or Websense with pix, the following command syntax is required:
N2H2:
[no] url-server [(if_name)] vendor n2h2 host local_ip [port number] [timeout seconds] [protocol {TCP | UDP}]
WEBSENSE:
[no] url-server [(if_name)] vendor websense host local_ip [timeout seconds] [protocol {TCP | UDP} version]
show url-server
show url-server stats
This would also be available at:
http://www.cisco.com/en/US/products/sw/secursw/ps2120/products_command_reference_chapter09186a00801727ae.html#1026449
03-12-2007 04:32 PM
Hey Rob,
We are using Websense in our company. Some URL Filtering apps need space. How much space depends on the number of users and how much they surf.
In some applications each entry recorded by the URL filtering software is 300k per user per day. Multiply this by the number of users and by how much logging/reporting you will do. Some of these Apps will store data for 1 month or more. I think our user DB has grown to 1.8 GB. So do the math. The URL database in these apps also grows. Ours in the beginning was 140 MB.
Some of these APPS can run on a server running other functions, but we keep it on its own.
Good luck,
Julio
03-12-2007 05:06 PM
Thank you all for the info. I think I have what I need to make an informed decision!