Gateway http anti-virus filtering with router/proxy/something?
(I cross-posted this at the FreeBSD forums. Hope that's okay, just trying to get as many suggestions as possible.)
Here's my situation:
I have a Cisco ASA 5510 as my gateway. I do NOT have the content filtering licensing for it (CSC-SSM). Nor are there plans for my company to purchase it. However, I would like, if nothing else, anti-virus at the gateway. Since we aren't going to buy anything I'd like to demonstrate the benefits of open source to the company. And I like FreeBSD. So I thought I'd try to put together a solution using it.
Now, I've read a lot about using Cisco WCCP and a transparent squid proxy and I think that combined with something like HAVP that would work. However, it IS a little over-complicated for me: I have no need for the caching that a proxy provides. I really would just like http traffic to be scanned for viruses/malware, and if found for the data stream to be stopped.
So, has anyone put a solution like this together? Could I use something like HAVP and put it between my Cisco and the ISP router as the next hop for my Cisco? If so, will it pass through non-http traffic without a fuss? Could I combine pfsense with an anti-virus port and put it in front of my Cisco? Anything other options?
Any and all suggestions are welcome. Thank you.
|Thread||Thread Starter||Forum||Replies||Last Post|
|A PF packet tagging (policy filtering) question...||Quaxo||OpenBSD Security||2||30th March 2009 10:47 PM|
|Web content filtering||Crypt||FreeBSD Security||14||14th December 2008 01:38 PM|
|permissions and FTP/HTTP||Yuka||FreeBSD General||0||20th October 2008 10:32 PM|
|MX Anti-Spam measures||cajunman4life||General software and network||4||13th July 2008 08:00 PM|
|Virus & Rootkit protection||jaymax||FreeBSD Ports and Packages||1||18th June 2008 02:46 PM|