Greetings everyone -
Here is my challenge:
I have 1x Cisco 2800 series router with a checkpoint FW behind it. This is in place by our corporate IT department and is out of my control.
The Checkpoint handles a site-to-site VPN over our 4 T1 lines to the corporate office, where they have another Checkpoint FW / Cisco router.
They currently have a content engine module installed and are filtering web content based on policies they have defined within.
My management team has asked that I come up with a way to allow certain users (management) access to sites that are blocked by the corporate filter. I have already spoken with the corporate IT group and let's just say that I won't be getting any help from them.
Management has also asked that I be able to report on the internet usage and activity of the users, which I don't even know if the content engine could do even if I did have access to it.
We are an enterprise-size corporation, but the structure within corporate IT is very strange...
My solution to this since I can't do anything with their equipment is the following:
1x TMG 2010 Standard
2x NICs (one for LAN, one for DSL)
1x IPBinder to change the source IP.
Now I have been told that this scenario will work, but since Windows doesn't support more than one default gateway (especially when they are the same metric), I have run into issues with DNS not choosing the right interface and other things.
I basically just want to use the 1st NIC as an inline proxy / web filter for the users (including management) and simply apply a rule and use IPBinder for specific users (mgmt) to use the DSL NIC.
I have searched and searched to no avail; all the multiple gateway / WAN / ISP articles I've found pertain to ISA 2006 or older, or they reference the ISP redundancy of TMG, which is NOT what I am after.