ASA 5505 transparent firewall with websense integration..

Posted on 2011-04-28
Last Modified: 2012-08-13
Hi All,

I'm looking for some advice on integrating a Cisco ASA5505 with a Websense proxy. I have a configuration setup where we have four routers which are used for Internet access. There are two VLAN's - Guest and Private. What I would like to achieve is making the use of available bandwidth by load distribution via GLBP, and filtering users web traffic.

Two routers will be used for a GLBP group in one VLAN, and the other two routers will be used for GLBP in another VLAN.

The users are connected to a Cisco 2960 switch and are in their respective VLAN's. I'm planning a 802.1q trunk to a Cisco ASA from the 2960 switch, carrying both VLAN's.

What I would like to know is if there is a CSC module (or similar) which has Websense installed on it, and if it is possible to setup the ASA5505 in transparent mode to filter the traffic in this way? Hopefully this would allow multiple users to take advantage of the additional bandwidth, and not be restricted by using a traditional proxy setup which where all web traffic would be originating from a single MAC address.

Many thanks

Question by:needsy
    1 Comment
    LVL 9

    Accepted Solution

    The CSC web filter module that Cisco sells uses Trend Micro technology.  Not websense.  

    You may be able to implement Webense in an integrated modem or standalone mode.  Both of these modes are non-proxy based and do provide full filtering capabilities.  Traffic is mirrored to the internal websense server via switch monitor ports, and websense can block traffic via tcp spoofing and packet injection.

    If you could do this and configure your internal network with a default gateway IP of your GLBP setup.... It might work...

    Alternately you could look at Fatpipe Warp.  Thats the kind of device that's designed to do this type of internet connection load sharing.

    Featured Post

    PRTG Network Monitor: Intuitive Network Monitoring

    Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

    Join & Write a Comment

    Email attacks are the most efficient and effective way for cyber criminals and hackers to compromise a computer or network. We often find our-self second guessing the authenticity of an email message, for such instances we can follow practical princ…
    I thought I'd write this up for anyone who has a request to create an anonymous whistle-blower-type submission form created using SharePoint 2010 (this would probably work the same for 2013). It's not 100% fool-proof but it's as close as you can get…
    Sending a Secure fax is easy with eFax Corporate ( First, Just open a new email message.  In the To field, type your recipient's fax number You can even send a secure international fax — just include t…
    This video discusses moving either the default database or any database to a new volume.

    728 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    19 Experts available now in Live!

    Get 1:1 Help Now