[70321] in North American Network Operators' Group
Re: Filtering network content based on User Subscription
daemon@ATHENA.MIT.EDU (Scott McGrath)
Sat May 8 17:33:47 2004
Date: Sat, 8 May 2004 17:33:06 -0400 (EDT)
From: Scott McGrath <mcgrath@fas.harvard.edu>
To: jshen@spymac.com
Cc: nanog@merit.edu
In-Reply-To: <20040508083228.7DFB94C04C@spy10.spymac.net>
Errors-To: owner-nanog-outgoing@merit.edu
Joe,
Your best bet in this case is to place a appropriately sized firewall at
the customer's site, i.e. Cisco PIX 501 - 515 series or SonicWall's
equivalent and link it to a WebSense or N2H2 content filtering server at
your NOC.
the short version of how this works us The firewall sends the URL your
customer is requesting to the filter server and the filter server tells
the firewall whether to grant or deny access to the URL. Both products
can be configured to fail hard or soft i.e. if the content server is down
the firewall will either block all URL's or grant all URL's.
Both products do what you want them to do right out of the box and can be
tuned easily by your staff or the customer.
Scott C. McGrath
