(Posting to firewalls section because I found several posts about n2h2 filtering here already).
A client of mine has been using n2h2 web filtering for several years now. (Now it's "Secure Computing" not n2h2, but cisco syntax uses old name). The SecureComputing s/w is running on a RedHat Linux server that exceeds all the specs provided by the manufacturer.
The router is a Cisco 1720, running flash image c1700-o3y-mz.122-15.T12.bin which is one of those that supports n2h2 filtering. It reports:
cisco 1720 (MPC860T) processor (revision 0x601) with 24576K/8192K bytes of mem
Mostly, the filtering has worked well. Once configured, it has worked without a hiccup, and since it's done at the router, nobody can bypass, like might in theory be possible with a proxy. Speed for basic surfing has been ok, too, but we do notice large downloads take longer than they should. Now here's the real problem-- recently they've had a reason to start using a proprietary website that generates a lot of graphics (maps) on the fly. I think it's done by a customized java applet that layers images in an IE window. This particular site, required by an important user, is simply impossible to use because of speed issues. Minutes and minutes without a completed image appearing on screen. From outside their office, it works fine, and when I have temporarily removed the lines that enable web filtering on the router, the page appears quickly there too. So we have established that the slowness is directly related to filtering.
How can I speed up access to the required site, still keep n2h2 filtering, and keep doing it on the router rather than on a separate proxy box? I wonder if a new router, or more memory (if possible, not sure if there's even room now) might increase performance. Or a new router image, since this one doesn't seem to offer all the commands that Cisco's site seems to expect. (Notably, there's a command that is supposed to be recognized according to Cisco relating to java applet filtering, but it is not available when I try to configure it on the router.) Thoughts?
Secure Computing tech support has not been much help. They want to pass the buck to Cisco without offering much in the way of suggestions. Thanks.