|
davei0594 -> ISA 2006 + Websense Network Agent (2.May2008 11:06:25 AM)
|
Hi all,
Running a single ISA 2006 STD as a back-end firewall.
All traffic must pass through ISA to get out to the Internet (it is effectively DG of the whole WAN).
Have a dedicated server running Websense Security Suite (6.3.1), with the reporting functions installed on a SQL 2005 box.
Websense is integrated into ISA by means of the standard ISAPI filter. Bog standard isa\websense stuff.
Working a treat - fantastic combination of products.
I am now interested in monitoring the non-web protocols, and my research through websense documentation so far suggests I need to use the Network Agent to capture these protocols and send to Websense.
The documentation clearly states not to install this on ANY firewall product, which makes sense.
I realise I could just install it on the websense box, and set the port on the switch to mirror. But logically it seems to me the best place to put this agent would be on the ISA itself?
I have a spare NIC on the ISA.
So my question is to any websense\ISA users out there - where do you run your network agent, if at all? Would installing it on the ISA be a particularly stupid thing to do?
Is the Network Agent the only mechanism for logging non-web traffic through Websense?
Thanks!
Dave
|
|
|
|