web site logging and policy on branch offices with edge devices and x750e

I'm upgrading an old x700 with a new x750e device. Currently I have 4 branch offices that connect into my office via VPN over dsl, T1 and cable. All my branch offices are on edge devices. Is there a way I can setup the x750e device or the edge devices so I can view the web logs for web traffic. I want to track internet usage and I know how to do it with the x750e box but I'm not sure about the edge devices. I guess I could route all the web traffic through my main site but my main site is only on a T1. I'd rather have some of the sites use their faster connection for web browsing and maybe log to my 750e device. Is this possible?
 If I let the brach offices use their edge devices for the next hop to the web instead going over the VPN to my site then out to the web, is it possible to use the policy's of the x750e for blocking things like internet radio and all the other crap my users do.

Appreciate any help
kevbozAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

hstilesCommented:
You need to configure WSEP loggingon each of the Edge devices tolog to a primary WSEP log sever at your main sit.  WSEP is a component of Watchguard System Manager.All that is required,once set up is for the relevant port to be open(not an issue with VPN) and the IP address and log passphrase.

You will need to log outgoing HTTP traffic on your edge devices.

I have experienced all sorts of problems when forcing all web traffic through a central Firebox.  The main one is due to packet fragmentation- HTTP traffic through the proxy ont he main fireboxcore was fine, but HTTPS, etc... didn't work.

The other problem is that your remote fireboxes will only be contactable if the tunnel is up.  This can cause problems troubleshooting connections, etc...
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
hstilesCommented:
As for blocking internet radio, etc...all you can do with the dge is purchase web blocker and use this to restrict access. If you are running WSM at your main site, you can centrally cotrol the edge policy, otherwise, you will need to update each edge individually.
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Software Firewalls

From novice to tech pro — start learning today.