true - IFP is not part of the MWG 7 version. However it is part of MWG 6, which you should be able to use and which should cover all you need, as category based URL Filtering is as good as in MWG 7.
For my education, why would like to see IFP in MWG 7, why can't you use it natively, via WCCP, in bridge mode, ...?
Sr. Product Manager MWG
thanks for the answer.
My company has been SmartFitler users for my 5000+ user orginization for years. It was done by IFP through a Cisco Firewall.
We upgraded from a standalone smartfilter server to the weggateway product line in order to to full proxy for say 1/4 - 1/2 of our users.
We still want to do URL Fitlering for the other 1/2 of the company.
on 6.8 we were able to use the webgateway url policy piece for both.
If you were full proxied by either WCCP or by direct proxy, it would url filter you.
If you were not proxied, the firewall would catch your url request and pass it the web gateway via IFP, check the policy, and good to go.
I know i could push all traffic to the webgateway via WCCP and make all url/proxy decisions there. There are some internal design considerations with this that make it less desirable that the IFP option fo rus.
I'm not really catching what you mean by "bridge mode".
IS IFP on the WebGateway 7 coming in a future release?
thanks for the help.
Bridge mode is the deployment method by which an MWG sits on the wire and bridges traffic between 2 NICs.
You have an internal NIC to the clients, an external NIC to the firewall, and it filters the web traffic going through it on predetermined ports (80,443,FTP) .
Any non filtered ports are simply forwarded to the other side.
thanks for the advice.
however, with a full 20G core backbone network, this idea seems really bad for us.
i see were it could be usefull for smaller networks that can not do wccp and don't want to force users to be directly proxied.
In our multi firewall, multi switch vendor, multi isp, multli os enviorment IFP was the way for us to do URL Filtering at the firewall level.
It has worked great for the past 5 years or so.
the Web Washer/Gateway appliances were sold to us as a way to continue to utilize our current "smartfilter IFP" firewall setup and add proxy capability for a % of out user base.
Doing both of these things on the same box with the same url policies was a big selling point for us.
we are talking to our mcafee reps and have opened up suppor ticket to try and get an answer for,
Wil IFP be supported on Version 7?
if so, what is the timeframe?
Since I'm just a system engineer in the field, committing to product features is way above my pay grade. But product management does recognize this as a chasm.
In the meantime, how much of your current traffic is IFP? Is it small enough to keep a single 6.x dedicated appliance (or VM) allocated for that purpose only until 7 has added IFP?
Agreed, the mgmt of the policy would be bifurcated during that time, but you still are filtering and you can still combine reporting in Web Reporter.
totally not expecting you to give me a commit on the IFP feature or not. but if you would carry the message upward that would appreciated.
Essentially, i think we will be breaking our redendant webgateway pair.
1 will run v6 for the firewall IFP
1 will run v7 for the proxy clients vis WCCP
this is less than ideal for many reasons, no redundancy, different configs to keep up/update/etc.
thanks for the help/ideas.
Heard you wish Chris. No commitment from my side as, but your request has been heard and put on THE list.
For MWG7 depending on how many users you have, you might want to oconsider VMWare as an option. So you could keep 6.8 redundant + fire up a virtual machine to serve as host for MWG 7.
Sr. Product Manager