I am considering installing websense on the ISA and if I have read the documentation correctly you can point the PIX to the websense server and even if the user circumvents the proxy to navigate to a forbidden site the pix will still block it (url-server command). -----Original Message----- From: William Robertson [mailto:robertson.william@xxxxxxxxxxxxxx] Sent: 14 October 2003 14:59 To: [ISAserver.org Discussion List] Subject: [isalist] Re: Cache only mode AD: Get Thawte's New Step-by-Step SSL Guide for MSIIS: http://www.isaserver.org/thawte/ Well, for what it's worth, it's quite simple to setup an ACL on the inside interface of the PIX to only allow outbound traffic from the trusted IP of the ISA Server. Works like a charm as the PIX will (quite arrogantly) deny all other requests!!! -----Original Message----- From: Jim Harrison [mailto:jim@xxxxxxxxxxxx] Sent: 14 October 2003 15:22 PM To: [ISAserver.org Discussion List] Subject: [isalist] Re: Cache only mode AD: Get Thawte's New Step-by-Step SSL Guide for MSIIS: http://www.isaserver.org/thawte/ Actually, this is the most common setup. Folks with existing firewlls deploy ISA as a caching device all the time. As Shawn stated, you can still use ISA as a second-layer firewall, but that's not a requirement unless you maintain the present two-NIC installation. The biggest caveat is making sure that no web traffic crosses the PIX unless it comes from the ISA (or other pre-approved IP). ISA can only control what it sees, after all... Jim Harrison MCP(NT4, W2K), A+, Network+, PCG http://isaserver.org/Jim_Harrison/ http://isatools.org Read the help / books / articles! On Tue, 14 Oct 2003 08:42:16 +0100 "Stuart Pittwood" <SPittwood@xxxxxxxxxxxxxxxxx> wrote: AD: Get Thawte?s New Step-by-Step SSL Guide for MSIIS: http://www.isaserver.org/thawte/ Hi all, For reasons I'm not going to get into here we're considering dumping ISA as our firewall in favour of a Cisco PIX. We will however be keeping an ISA server as a web cache. My question is, as a web cache can I still use the filtering rules to control access to certain websites (could I still load websense onto the server and have it filter) TIA Stu P A full list of partners in Amery-Parkes is available for inspection at all of our offices. Information contained in this e-mail is intended for the use of the addressee only, and is confidential and may be the subject of Legal Professional Privilege. Any dissemination, distribution, copying or use this communication without prior permission of the addressee is strictly prohibited. The contents of an attachment to this email may contain software viruses which could damage your own computer system. Whilst Amery-Parkes has taken every reasonable precaution to minimise this risk, we do not accept liability for any damage which you sustain as a result of software viruses. You should carry out your own virus checks before opening any attachment to this email. Get Thawte?s New Step-by-Step SSL Guide for MSIIS Find out how to test, purchase, and install a Thawte Digital Certificate on your MSIIS web server: http://www.isaserver.org/thawte/ ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: jim@xxxxxxxxxxxx To unsubscribe send a blank email to $subst('Email.Unsub') ^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^* All mail from this domain is virus-scanned with RAV. www.ravantivirus.com ^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^* Get Thawte's New Step-by-Step SSL Guide for MSIIS Find out how to test, purchase, and install a Thawte Digital Certificate on your MSIIS web server: http://www.isaserver.org/thawte/ ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: robertson.william@xxxxxxxxxxxxxx To unsubscribe send a blank email to $subst('Email.Unsub') --------------------------------------------------------------------- Everything in this e-mail and attachments relating to the official business of Columbus Stainless is proprietary to the company. It is confidential, legally privileged and protected by law. Columbus Stainless does not own and endorse any other content. Views and opinions are those of the sender unless clearly stated as being that of Columbus Stainless. The person addressed in the e-mail is the sole authorised recipient. Please notify the sender immediately if it has unintentionally reached you and do not read, disclose or use the content in any way. Whilst all reasonable steps are taken to ensure the accuracy and integrity of information and data transmitted electronically and to preserve the confidentiality thereof, no liability or responsibility whatsoever is accepted if information or data is,for whatever reason, corrupted or does not reach its intended destination. --------------------------------------------------------------------- Get Thawte's New Step-by-Step SSL Guide for MSIIS Find out how to test, purchase, and install a Thawte Digital Certificate on your MSIIS web server: http://www.isaserver.org/thawte/ ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: spittwood@xxxxxxxxxxxxxxxxx To unsubscribe send a blank email to $subst('Email.Unsub')