SRX


Ask questions and share experiences about the SRX Series, vSRX, and cSRX.
  • 1.  Websense redirect on Data Center chassis

    Posted 10-09-2012 07:21

    Working with a customer that is looking to implement Websense on a 1400 or larger unit. UTM is of course not supported. It appears that the only way to do this is via redirect using firewall filters (FBF)  - 

     

    Wondering if any of my fellow community members have done this and have any feedback on how well (or not well) this works. Any comments are appreciated.



  • 2.  RE: Websense redirect on Data Center chassis
    Best Answer

    Posted 10-09-2012 11:24

    I have done this on SRX-3600 and the Websense V10K appliance.  It's the same procedure if you were to do the redirect using an EX switch.

     

    The only issue is that it's easy to blackhole your traffic if your Websense appliance dies since your FBF will keep forwarding traffic to the dead Websense box.

     

    If possible, it's probably better to do this using PAC files and let the hosts redirect the traffic.
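
The PAC-file approach suggested in the reply above, as an added example that is not part of the original post: a PAC file lists proxies in order, so a client moves to the next entry when one is unreachable instead of being blackholed the way FBF traffic is. The proxy host names, port 8080 and the `example.internal` suffix are assumptions, not values from the thread.

```javascript
// Added example (not from the thread). All names and the port are hypothetical.
var PRIMARY   = "PROXY websense-a.example.internal:8080"; // assumed appliance name
var SECONDARY = "PROXY websense-b.example.internal:8080"; // assumed standby name
var INTERNAL_SUFFIX = ".example.internal";                // assumed internal DNS suffix

// Policy switch: true appends DIRECT, so browsing continues UNFILTERED when both
// proxies are down; false fails closed (no web access, but no filter bypass).
var FAIL_OPEN = false;

// True for dotted-quad literals in RFC 1918 or loopback space.
function isPrivateLiteral(host) {
  var m = /^(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})$/.exec(host);
  if (!m) return false;
  var a = Number(m[1]), b = Number(m[2]);
  return a === 10 || a === 127 ||
         (a === 172 && b >= 16 && b <= 31) ||
         (a === 192 && b === 168);
}

// Entry point the browser calls for every request.
function FindProxyForURL(url, host) {
  host = host.toLowerCase();
  // Internal destinations skip the filter: single-label names,
  // the internal suffix, and private address literals.
  if (host.indexOf(".") === -1 ||
      host.slice(-INTERNAL_SUFFIX.length) === INTERNAL_SUFFIX ||
      isPrivateLiteral(host)) {
    return "DIRECT";
  }
  // Proxies are tried in order; the client falls through to the next entry
  // when the current one does not answer.
  var chain = [PRIMARY, SECONDARY];
  if (FAIL_OPEN) chain.push("DIRECT");
  return chain.join("; ");
}
```

A PAC file only steers clients that honour it, so direct outbound HTTP/HTTPS from user networks still has to be denied in firewall policy for the filter to be enforced.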

     

     



  • 3.  RE: Websense redirect on Data Center chassis

    Posted 10-09-2012 15:28

    Thanks for the reply. One other follow-up question. Did you have to disable tcp-syn-check? JTAC said that this must be done, which is just not acceptable.

     

    Thanks!



  • 4.  RE: Websense redirect on Data Center chassis

    Posted 10-09-2012 15:30

    I have tried this in the lab. But I have redirected the traffic to a branch box which was running web-filtering. Worked fine using FBF. Just be careful with what you are forwarding and the way you are receiving the traffic from the branch box. Make sure the 1400 doesn't drop the traffic based on the re-route failure.