We have a tenant who is going to terminate their internet service and begin to use our connection. Their internet traffic will be directed to our Palo Alto, which is our internet gateway. The tenant also uses a Cisco Ironport Web Security device and insists on its continued use vs. using the services on the Palo Alto. My thought was to put the Ironport on our DMZ and via PBF, send all traffic from the tenant subnet to the Ironport. The Ironport would then return the filtered traffic to the PA and out to the internet. Anyone familiar with the Ironport/ have any ideas of whether or not this setup is feasible?
... View more