https://live.paloaltonetworks.com/t5/general-topics/using-aws-bundle-2-as-an-ironport-replacement/m-p/148969#M49702 <P>I have a Bundle 2 in trail at the moment as a POC. At first glance, the interface is overwhelming, so navigating it is cumbersome at first.&nbsp; What I am trying to accomplish is a viable replacement for Ironport WSA.&nbsp; I have a Bluecoat POC in place and it can replace the Ironport, as well as TMG for Citrix, two of our criteria.&nbsp; My goal is to proof out if the PA-VM can also do this.&nbsp;&nbsp; Another requirement is DLP with Symantec.</P><P>&nbsp;</P><P>So what I need to know in order for this to be viable is</P><P>User authentication via AD</P><P>User group authorization,&nbsp; ability to categorize users for specific access to URL lists, ex: a list for specific sites and nothing else, along with full internet access for other users, all coming from the same IP.&nbsp; This is the Citrix portion of the POC. With Ironport it is all or nothing based on first on. If a first on user has only access to one list, all users afterwards have the same access. I need for each user on the same box to have their AD access, one user in limited group, and another user with full access.</P><P>&nbsp;</P> Wed, 22 Mar 2017 16:53:08 GMT ACD-II 2017-03-22T16:53:08Z https://live.paloaltonetworks.com/t5/general-topics/using-aws-bundle-2-as-an-ironport-replacement/m-p/148969#M49702 <P>I have a Bundle 2 in trail at the moment as a POC. At first glance, the interface is overwhelming, so navigating it is cumbersome at first.&nbsp; What I am trying to accomplish is a viable replacement for Ironport WSA.&nbsp; I have a Bluecoat POC in place and it can replace the Ironport, as well as TMG for Citrix, two of our criteria.&nbsp; My goal is to proof out if the PA-VM can also do this.&nbsp;&nbsp; Another requirement is DLP with Symantec.</P><P>&nbsp;</P><P>So what I need to know in order for this to be viable is</P><P>User authentication via AD</P><P>User group authorization,&nbsp; ability to categorize users for specific access to URL lists, ex: a list for specific sites and nothing else, along with full internet access for other users, all coming from the same IP.&nbsp; This is the Citrix portion of the POC. With Ironport it is all or nothing based on first on. If a first on user has only access to one list, all users afterwards have the same access. I need for each user on the same box to have their AD access, one user in limited group, and another user with full access.</P><P>&nbsp;</P> Wed, 22 Mar 2017 16:53:08 GMT https://live.paloaltonetworks.com/t5/general-topics/using-aws-bundle-2-as-an-ironport-replacement/m-p/148969#M49702 ACD-II 2017-03-22T16:53:08Z https://live.paloaltonetworks.com/t5/general-topics/using-aws-bundle-2-as-an-ironport-replacement/m-p/148976#M49703 <P>Looks like there is a limit, and it wiped out the rest.</P><P>&nbsp;</P><P>DLP support as mentioned above</P><P>I also need authentication exemptions, there is one IP that has strict access to only certian sites, but no users in AD to authenticate.</P><P>&nbsp;</P><P>WCCP?&nbsp; Can I forward traffic to it using WCCP from another firewall or router?</P><P>&nbsp;</P><P>Any documentation in regards to setting this up provided it is supported would be appreciated.</P> Wed, 22 Mar 2017 16:53:53 GMT https://live.paloaltonetworks.com/t5/general-topics/using-aws-bundle-2-as-an-ironport-replacement/m-p/148976#M49703 ACD-II 2017-03-22T16:53:53Z https://live.paloaltonetworks.com/t5/general-topics/using-aws-bundle-2-as-an-ironport-replacement/m-p/149180#M49748 <P>First keep in mind that PA is a FW, not a proxy. And unlike some other FWs you can't set it up to work as a proxy.</P><P>&nbsp;</P><P>However it can replace all the security features of a proxy (URL filtering, AV), it offers more features (IPS), it can be connected to AD (and many other LDAP and/or authentication servers..), it can work in Layer 3 and inline modes....</P> Thu, 23 Mar 2017 14:47:32 GMT https://live.paloaltonetworks.com/t5/general-topics/using-aws-bundle-2-as-an-ironport-replacement/m-p/149180#M49748 santonic 2017-03-23T14:47:32Z