This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences

Using AWS Bundle 2 as an Ironport replacement

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements

Using AWS Bundle 2 as an Ironport replacement

ACD-II
L1 Bithead

‎03-22-2017 09:53 AM

I have a Bundle 2 in trail at the moment as a POC. At first glance, the interface is overwhelming, so navigating it is cumbersome at first.  What I am trying to accomplish is a viable replacement for Ironport WSA.  I have a Bluecoat POC in place and it can replace the Ironport, as well as TMG for Citrix, two of our criteria.  My goal is to proof out if the PA-VM can also do this.   Another requirement is DLP with Symantec.

 

So what I need to know in order for this to be viable is

User authentication via AD

User group authorization,  ability to categorize users for specific access to URL lists, ex: a list for specific sites and nothing else, along with full internet access for other users, all coming from the same IP.  This is the Citrix portion of the POC. With Ironport it is all or nothing based on first on. If a first on user has only access to one list, all users afterwards have the same access. I need for each user on the same box to have their AD access, one user in limited group, and another user with full access.

 

0 Likes Likes
2 REPLIES 2

ACD-II
L1 Bithead

‎03-22-2017 09:53 AM

Looks like there is a limit, and it wiped out the rest.

 

DLP support as mentioned above

I also need authentication exemptions, there is one IP that has strict access to only certian sites, but no users in AD to authenticate.

 

WCCP?  Can I forward traffic to it using WCCP from another firewall or router?

 

Any documentation in regards to setting this up provided it is supported would be appreciated.

0 Likes Likes

santonic
L6 Presenter
In response to ACD-II

‎03-23-2017 07:47 AM

First keep in mind that PA is a FW, not a proxy. And unlike some other FWs you can't set it up to work as a proxy.

 

However it can replace all the security features of a proxy (URL filtering, AV), it offers more features (IPS), it can be connected to AD (and many other LDAP and/or authentication servers..), it can work in Layer 3 and inline modes....

0 Likes Likes
  • 1899 Views
  • 2 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!

LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2024 - Palo Alto Networks