Choose from several options for complete web, email and data security.
Learn more
Evaluate Websense products by watching demos and installing evaluation software.
Learn how Websense solutions help keep our customer safe, secure and productive
Get information on product updates, support resources and more.
Get the most out of support in five simple steps.
Find tools and assets to help sell Websense solutions.
Come work for the global leader in unified information security. Go
First a little background. We have 2 * v10k G2 appliances and a control/manager/log server running 7.6.2. The v10k g2 appliances are running the following:content gateway services:content copcontent gateway / and gateway managerdownload serviceanalytics serverweb security services:filtering servicecontrol servicenetwork agentThe control/manager/log is running the following services:Websense TRITON - Web SecurityWebsense DC AgentWebsense Information Service for ExplorerWebsense Explorer Report SchedulerWebsense Web Reporting ToolsWebsense Reporter SchedulerWebsense Log ServerWebsense RTM ClientWebsense RTM ServerWebsense RTM DatabaseWebsense Usage MonitorWebsense User ServiceWebsense Policy ServerWebsense Policy BrokerWebsense Policy DatabaseWebsense TRITON Web ServerWebsense TRITON Unified Security CenterWebsense TRITON Settings DatabaseWebsense Control ServicePresently we have a cisco router redirect http/https traffic via WCCPv2 to the P1 interfaces on the appliances. ip wccp 0 redirect-list WS_REDIRECT group-list WS_PROXYip wccp 70 redirect-list WS_REDIRECT group-list WS_PROXYip access-list standard WS_PROXY permit 10.219.251.9 permit 10.219.251.6Now to the question, We have a sonicwall NSA E5500. If I "Intergrate" my websense and sonicwall together would this eliminate the need for the router (this is the only thing this router does). I assume websense was originally setup in the standalone format, what considerations are there as a result?
if you integrate your Sonicwall, and remove your Cisco router which is doing WCCP and sending that traffic to the Websense Content Gateway, you will remove that WCCP ability, and you will no longer be using the Websense Content Gateway at all, unless you explicity proxy through it. Without the WCG, you'd lose the ability to decrypt the HTTPS sessions and get the full url that the users are going to.
With the Sonicwall, you'd only have the HTTPS ip address of the server, and nothing more.
Additionally, you'd be using the Sonicwall directly with the filter services on the Triton box, and the Appliance would be sitting there... unused.
JACOB SLOAN, CCNA, WCSE
More of an addendum to Jacob's post --
With a sonicwall e-class, goto in the content filtering and point it to the filtering serivce on the websense device/appliance. You will eliminate the need for the router. HOWEVER --- you lose the ability to use a WCG and/or SSL decrypt. sonicwall websense integration deployment is real simplistic -- for small businesses.
Also, another downside with this, is that the sonicwall takes a further performance impact from doing such. For instance, (don't ask how i know), if you enable IPS/GAV and antispy on the e5500, you take more than a 50% performance impact of whatever link you connect to it. Adding websense content filtering instead of using on-device sonicwall CFS yields roughly another 5-10-ish percent hit. Call up sonicwall support and they'll confirm their device is a POS. Shocked they were rated a gartner quadrant leader recently. Them, their memory leaks, and their rebooting firewalls. And a firewall that is CLI crippled? </rant>
So..if you can, keep the router -- you retain tons of functionality that i've found very helpful in saving a lot of painful headaches. Good grief.
