In article , Douglas McIver wrote: :We are thinking of deploying ten pix 501s to branch offices. We would :really like to have some form of content filtering/web logging so that we :can centrally control what sites these users can reach. We have worked with :SonicWall models that do this, but are there any Cisco models? Does anyone :know if this can be done?
With the PIX 501 (i.e., PIX 6.x software release), your choices for content filtering both involve third-party software, namely WebSense or N2H2. I have heard that WebSense is not exactly bargin priced; I haven't heard anything about the N2H2 pricing.
If your needs can be met by site-level controls rather than by content controls (i.e., users are allowed to access whatever is available at sites you have selected, as compared to users being blocked from (say) downloading *.mp3 files but being allowed to go to a wider range of places), then you can centralize those site-level controls by using a RADIUS server and downloadable access lists; or by using something like CiscoWorks VMS (VPN Management Solution) or Solsoft to push new configs. Or you could keep the ACLs in a text file and tftp those to each of the PIX's [be very careful if you are changing the ACL that controls the VPN tunnels!]