It's my first post on the forum here. I've been working with PA products in the enterprise for about 2 years.
Just out of curiosity, what are organizations doing for company owned roaming device URL filtering (if at all)? Obviously one option is to use Global Protect with an always-on VPN. However, the drawback for us it that it would require significant bandwidth and additional distributed hardware. The organization I work for is globally distributed with users spread out in almost every region. Internet bandwidth and private WAN bandwidth at the head end(s) is a significant factor.
Some other solutions we are considering is anti-virus agent based platforms that include a URL filtering component. There are other cloud based products that proxy or use DNS for filtering. Again, just looking for general feedback on what others are doing successfully. Any input is much appreciated.
That's what we've seen.
MPLS is going away, so to speak, the reliance for using it for everything is going away. For us, hundreds of Meg/Gigabit INet circuits are relatively cheap, but ingesting all that data comes at an expense.
For our users they're split-tunneled with specific work traffic coming back to HQ, while general INet traffic goes out their local connections. Using this cloud design works well with "hybrid networking or an iWAN" solution as our traditional remote office locations can have the same "funnel the junk" policy direct "to the cloud" via business broadband links while traditional business traffic contnues to use the smaller MPLS links.
I know that OpenDNS has a small agent that runs on the users machine and forces them to the 'cloud' for updates and DNS resolution. The drawback is that it only works for things that need DNS resolution, so IP's wont get filterd, obvisouly. There are other proxy/dns services out there. It kinda depends on your budget on what you can do.
Hope this helps!
Thanks for the feedback. I think we may look at both OpenDNS and Zscaler.
Another challenge is supporting and maintaining several agent based solutions (AV, VPN, URL, etc). 2 agents is not so bad. It seems like when you get around 3-4 it really starts to be a pain.
I think the best fit for us would be a VPN client + some kind of agent that performs URL and host protection. It's too bad PA doesn't have a client that can do this without having to backhaul traffic to a GP gateway...
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!