About infotech

The ip address of the proxy is 172.16.1.11 and here is the primary 172.16.0.0/12 in the static routes ... View more

Steve I am asking for my management not myself I assumed it was not possible and that we either need a PA at the site or to route it through the CIsco and the PA but I wanted to double checke with someone else before telling them that ... View more

I have further checked into the method used to bring our remote sites back to the main site for internet access and web site filtering. The users are being directed back to the proxy server through a GPO that sets  the internet options\connections\LAN settings\proxy server  to the proxy server. There are no settings on the cisco firewall its only using a GPO. Can this be updated to point to the PA throught the GPO instead by setting the IE options internet options\connections\LAN settings\proxy server  to the PA instead of the proxy server? ... View more

I didn't know you could download the migration tool without being a PA SE ... View more

I will check the setting on my cisco Steven and see what needs to be done with the routing ... View more

Also when I was looking at these the PA engineer told me it was not a proxy but could replace  my ISA server ... View more

I know its not a proxy in the truest of senses but it can be used to block web sites that are not appropriate or are harmfull. We are currently routing traffic from our branches across a vpn tunnel for our service I would expect we could do the same with bringing them back for the filtered internet.\ ... View more

Currently I have a PA 3020 at my central facility and the ISA 2006 server. At the remote sites I have ASA 5505 and the users are being sent back to the central facility via an active directory GPO and there internet filtered by the ISA server.  Is there any way to send them back to the PA instead of the ISA for their filtered internet? ... View more

I agree thanks ... View more

I am reviewing this again and I am on objects\security profiles \url filtering - if I add these sites to this profile won't it block it for everyone? ... View more

Thanks I would like to avoid the pitfalls of the migration myself that is why I work with a PA engineer and also like to get different view points on the community boards. I began learning  PA last December when we implemented our first  and then configured our second along with managing all other areas of the  network. The intent of my migration from an ISA 2006 firewall is to move foff of old technology to better improve over all security. Currently different users are give access or blocked from access to certain web sites via the proxy server based on GPO. The first step we took was to create security policies based on the level of access allowed to a certain type of user. Next step is to enable those policies on the PA and slowly remove those blocked site from the ISA and assure that the PA is doing all the filtering. Next will be to change the rules and the GPO's so that the users,at all facilitues,no longer go through the ISA but directly to the PA. ... View more

At this time I do not have a profile configured for this security policy ... View more

Yes I have been working with a PA engineer on the migration but isa 2006 is older and not a lot of people have indepth knowledge of it. ... View more

Sure here is screen shot of my security policy I am trying to add the websites to the applications area ... View more