RE: Filtering network content based on User Subscription

["Ejay Hire" <ejay.hire () isdn net>]

I'm bumping the tail-end of this thread, but here goes.

we implemet per-user dynamic content filtering using an N2H2 on a squid
box running as a transparent proxy.  When we had tnt's, we used
ASCEND-IP-DIRECT to force filtered users through the n2h2.  We use cisco
As5800's now and have an outbound policy that checks and redirects based
on the Ip address they are assigned  (until I get the final VPDN
solution working.)

-Ejay

-----Original Message-----
From: owner-nanog () merit edu [mailto:owner-nanog () merit edu]On Behalf Of
Mark Borchers
Sent: Saturday, May 08, 2004 6:42 PM
To: jshen () spymac com
Cc: nanog () merit edu
Subject: RE: Filtering network content based on User Subscription



> Your best bet in this case is to place a appropriately sized 
> firewall at
> the customer's site, i.e. Cisco PIX 501 - 515 series or SonicWall's
> equivalent and link it to a WebSense or N2H2 content 
> filtering server at
> your NOC.
[snip]
>                             Scott C. McGrath

Joe,

Cisco's Content Engine can also do the functions that Scott
mentioned, plus gives you the benefit of web caching.  It's 
very feature-rich, and the command line looks a lot like IOS.

You can configure it to FTP your whitelist of URLs, and set
up user-specific or global time restrictions, which address
a couple of your specs.  For the latter, I think you need
the Smart Filter module, which is not part of the basic 
Content Engine distribution.