08-14-2012 07:46 PM
Hello all..
Im starting a PoC with Websense for Web and E-mail. I want to do a PoC with IronPort too...
Well, I need to know about some questions as follow...
- Is possible block file download when it more than X mb?
- My user log on the machine using AD. Their credencials allow him to browse without put user and pass... using kerberos
I need that this user can not browse in another computer with our credencials....If a user establish a connection using IP X, he doesnt establish another connection with the same user using IP Y....
Is it possible with IronPort?
These two doubts above, I have working with Squid... So I need to know if it is possible using IronPort.
And now, I have one more doubt I dont have working with squid.. follow..
- I have some users with USB allowed... users with laptops...
these users have internet by 3G, so, he put the 3G in USB port and browse free for any site, because he is out of my network...or at home, for example.
Websense has a solution for it that when the user is out of work network, the browser call a proxy on cloud and it has all policies I have on my network, and the user is allowed only for this sites, like if he was inside network....
thanks anyway
Diego
08-15-2012 06:44 AM
Hi Diego,
I can't answer the last query, but the first two:
Yes:
Web Security Manager
IronPort Data Security
Set limits in "Content"
Yes:
Network
Authentication
Edit Global Settings
Check "
Hope this helps.
Thanks
Chris
08-15-2012 06:51 AM
Hi Chris
Thanks for your answer.
Look, for these questions, I need exceptions... Is possible make exceptions??? by group, for example..
Group1 = Prohibited
Group2 = Allowed
Anyway, Do you recommend IronPort for Web Security????
08-15-2012 06:54 AM
Ah right, so in answer to that:
Data limits, yes you can do that on an identity by identity basis
Multiple IP addresses I don't think so.
As IronPort for Web Security it's pretty straight forward to use and is good at categorizing.
Thanks
Chris
08-15-2012 06:59 AM
Chris is correct. You cannot make exceptions to the multiple IP's being allowed for specific users and not allowed for other users.
As for that last question you had originally, take a look at our Scansafe product. This is a cloud based product and would allow you to have mobile users to be pointed to our scansafe towers.
Christian Rahl
Customer Support Engineer
Cisco IronPort - Web Security Appliances
Cisco Technical Assistance Center RTP
United States Ironport: 1-877-641-IRON (4766)
08-15-2012 07:12 AM
Thanks Chris and Christian..
Tell me one more thing...
I have about 2k users... I have many branchs.. and these branchs has Cisco Router, like 2800.
My friend told me that with WCCP is possible to save licences..
Look, My branchs must goes to my Data Center to use the Internet. I dont have internet gateway in each branch...OK?
With this scenario, is still possible use wccp and save licence?
Diego
08-15-2012 08:44 AM
As long as you can get all of your traffic to your data center we can redirect the traffic to Ironport. It is possible to do all of this, but it will increase lag and other issues when it comes to routing. This is a very network specific question.
Personally I have had tickets where doing wccp over great distances can cause jumbo packets. With the jumbo packets we start seeing dropped data because of routers that cannot handle that information.
Also, I cannot answer if this will actually save you money. I would recommend contacting a reseller or cisco sales.
Christian Rahl
Customer Support Engineer
Cisco IronPort - Web Security Appliances
Cisco Technical Assistance Center RTP
United States Ironport Support: 1-877-641-IRON (4766)
08-15-2012 09:10 AM
OK...
And talking about Web and E-mail... I guess you can help me too
If I use these 2 solutions.. Is there a centralized console to manager Web and E-mail solutions? Or I need to use one for each solution??
08-15-2012 09:29 AM
There is the Security Managment Appliance. It does centralized reporting, configuration for both ESA and WSA and centralized email spam quarantine if you have multiple ESA boxes.
If you have mulitple of either type of box, it makes things easier, but if you're just running one of each its overkill.
Ken
08-27-2012 07:56 AM
I don't see how WCCP is going to avert a license issue. The terms of the license is still by number of users in your network - though with the IronPort appliance there is no enforcement.
What you're describing is going to be a very complex network to administrate. That is, if you have some people going to ScanSafe, others to appliances.
Please check with your local Cisco engineer to determine appropriate sizing for Email + Web on the SMA. Both our technically able to work...but with both enabled you'll want to make sure it the SMA can scale to the size of your nework. You can just manage the devices separately as well since there are no policy linkages between web and email - they just correside on the same platform.
~Tim
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide