Hi Chris

Thanks for your answer.

Look, for these questions, I need exceptions... Is possible make exceptions??? by group, for example..

Group1 = Prohibited

Group2 = Allowed

Anyway, Do you recommend IronPort for Web Security????

Ah right, so in answer to that:

Data limits, yes you can do that on an identity by identity basis

Multiple IP addresses I don't think so.

As IronPort for Web Security it's pretty straight forward to use and is good at categorizing.

Thanks

Chris

Chris is correct.  You cannot make exceptions to the multiple IP's being allowed for specific users and not allowed for other users.

As for that last question you had originally, take a look at our Scansafe product. This is a cloud based product and would allow you to have mobile users to be pointed to our scansafe towers.

http://www.scansafe.com/

Christian Rahl

Customer Support Engineer                      

Cisco IronPort - Web Security Appliances

Cisco Technical Assistance Center RTP

United States Ironport: 1-877-641-IRON (4766)

Thanks Chris and Christian..

Tell me one more thing...

I have about 2k users... I have many branchs.. and these branchs has Cisco Router, like 2800.

My friend told me that with WCCP is possible to save licences..

Look, My branchs must goes to my Data Center to use the Internet. I dont have internet gateway in each branch...OK?

With this scenario, is still possible use wccp and save licence?

Diego

As long as you can get all of your traffic to your data center we can redirect the traffic to Ironport. It is possible to do all of this, but it will increase lag and other issues when it comes to routing. This is a very network specific question.

Personally I have had tickets where doing wccp over great distances can cause jumbo packets. With the jumbo packets we start seeing dropped data because of routers that cannot handle that information.

Also, I cannot answer if this will actually save you money.  I would recommend contacting a reseller or cisco sales.

Christian Rahl

Customer Support Engineer                      

Cisco IronPort - Web Security Appliances

Cisco Technical Assistance Center RTP

United States Ironport Support: 1-877-641-IRON (4766)

OK...

And talking about Web and E-mail... I guess you can help me too

If I use these 2 solutions.. Is there a centralized console to manager Web and E-mail solutions? Or I need to use one for each solution??

There is the Security Managment Appliance.  It does centralized reporting, configuration for both ESA and WSA and centralized email spam quarantine if you have multiple ESA boxes.

If you have mulitple of either type of box, it makes things easier, but if you're just running one of each its overkill.

Ken

I don't see how WCCP is going to avert a license issue.  The terms of the license is still by number of users in your network - though with the IronPort appliance there is no enforcement.

What you're describing is going to be a very complex network to administrate.  That is, if you have some people going to ScanSafe, others to appliances.

Please check with your local Cisco engineer to determine appropriate sizing for Email + Web on the SMA.  Both our technically able to work...but with both enabled you'll want to make sure it the SMA can scale to the size of your nework.  You can just manage the devices separately as well since there are no policy linkages between web and email - they just correside on the same platform.

~Tim