Link to home
Start Free TrialLog in
Avatar of Brian Garcia
Brian GarciaFlag for Philippines

asked on

Alternative to Bluecoat ProxySG

Can you recommend an alternative to Bluecoat ProxySG? We are looking at product with content filtering, malware protection and proxy service. Is Cisco WSA a good alternative?
Avatar of Ramakrishna Prabhu
Ramakrishna Prabhu
Flag of Malaysia image

Squid can be a good alternative.
Avatar of Brian Garcia

ASKER

We have used squid but we don't like the filtering (dansgurdian, squidguard). We have problems passing other protocols (citrix, SSL VPN, etc.). So we used Bluecoat, but it's costly so we are looking for an alternative.

We are looking at Cisco Web Security Appliance since we can get for a much lower price but I don't know if it can replace the functionality of Bluecoat.
Avatar of Rich Rumble
We use Sophos proxies with good results, but we don't inspect HTTPS as all the vendors we tried had issues, so maybe someone is doing it better these days. SafeSquid I've used in the past with good results, but the category lists from Sophos and others are typically better and more complete than what SafeSquid was using. The proxy should not be processing VPN traffic, well at least encrypted VPN traffic, you need a bypass/direct connection for them to work typically. Sophos is easy to use, good support and using WCCP instead of a PAC file was the best thing we did in our roll outs.
-rich
We need to inspect all internet traffic because this is part of our network policy. We may have a hard time implementing WCCP because of complex network routing and multiple network connection.

Bluecoat can do all our requirement even https inspection, SSL VPN and citrix access but its costly so we need to provide an alternative.
ASKER CERTIFIED SOLUTION
Avatar of Rich Rumble
Rich Rumble
Flag of United States of America image

Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
Thanks Rich for your explanation. I agree with you that VPN and CItrix should not be under proxy because of certain limitations and redundancy. And the facilities which they run is already secured.  

For https, we don't have any issues forwarding this to Bluecoat Proxy.

But our dilemmas is we are supporting multiple clients with multiple SSL VPN. Some SSL VPNs are through internet while some is through the corporate WAN (e.g. US, Europe, India and Asia). We may have problems implementing WCCP so we are using PAC.

Are you suggesting we moved to WCCP instead of PAC? how can we do that given the above dilemma and how can I redirect other HTTP traffic which is in the corporate WAN?
We are also accessing multiple Citrix through Internet and Corporate WAN so how can we implement redirection through WCCP?
SOLUTION
Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
Avatar of teo665
teo665

Websense is traditionally Blue Coat's primary competition.  If you are looking for cloud services that muddies the waters.  Do you want to host at multiple sites?  What sort of traffic are you looking to proxy?  What control do you want to exert over it? If you start looking for threat protection you can look at new players like zscaler. If you have workers that are in the field and not physically behind a proxy, you are going to start needing to install a client.  The dreaded client.
Regarding Citrix, this is not compatible with many proxies last I checked. Palo ALto Networks NGX FWs can do all of the proxy, content filtering, SSL decryption etc that most proxies can, and they have moved toward the cloud hosting bandwagon as well.