Q

Best place to put Websense?

I wonder if you can give me an advice about our network topology. We have a checkpoint firewall, MS Exchange and Proxy servers, Esafe virus scan server, a server which DNS, DHCP and WINS services are on, and a Websense server. I want all clients to reach the Internet through proxy and I want to do the URL filtering by Websense. But whomever I talk to suggests a different topology. Some said that proxy should stay at LAN whereas some said it should be at DMZ with Websense. What would be the optimum topology?
I don't think you going to like the answer, but here goes (grin). There is no correct answer, all solutions are valid.

As a rule of thumb, I always try to put Websense at the last connection point to the Internet. Since your router does not support Websense (at least, not yet; Cisco is rumoured to be working on it), the best place for Websense is your firewall. My favorite firewall is the Cisco PIX as it is the easiest to configure, maintain and secure. Most firewall products will support the Websense filtering (including the Cisco PIX and Checkpoint Firewall-1).

My reasons are these:
  1. Not all proxy servers work for every technology, (In particular, Microsoft proxy product has a very poor reputation in real life even after its recent revision) and sometimes you want to bypass the proxy for a given website. Typically, this is when a new technology comes along which the proxy cannot support. If you bypass the proxy, you may bypass the WebSense filtering.
  2. Don't overload your servers. You want to spread your load around. The firewall should be dedicated to task and adding Websense would be a natural relationship.

This was first published in May 2001

Dig deeper on Networking Tutorials and Technical Guides

Pro+

Features

Enjoy the benefits of Pro+ membership, learn more and join.

Have a question for an expert?

Please add a title for your question

Get answers from a TechTarget expert on whatever's puzzling you.

You will be able to add details on the next page.

0 comments

Oldest 

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to:

SearchSDN

SearchEnterpriseWAN

SearchUnifiedCommunications

SearchMobileComputing

SearchDataCenter

SearchITChannel

Close