We are midway through a large system upgrade including massive network expansion and lots of new hardware.
The contractor brought in a Mikrotik router to replace the Cisco ASAs that we had. These Mikrotiks are completely different and there are not many resources available online for help with them. I need to send all of my Internet traffic through my Websense Triton Webfilter, but cannot figure this out.
The Mikrotik in question is a CC1009-8G-1S model, and we are on version 7.7.0.1483 of Websense Triton Unified Security Center, running in a VMware environment on a MS 2008 R2 Server VM with a single virtual NIC. I haven't changed anything on the VM because the Cisco ASA and it were playing nicely together.
The contractor is proposing this:
Since your Websense box is on a VM and it won’t have dedicated NICs for pass-through mode, we are going to sacrifice a few ports on our Catalyst to make this happen. We’d appreciate you getting with Websense to see if this will work.
First we need you to configure the Websense VM with dual virtual NICs, like you did with the OnSSI recording server.
We’ll need you to place one NIC on VLAN26 and the other on VLAN27.
We will modify the Catalyst switch to accept traffic from these ports on the Trunks connected to your VM servers.
On our Catalyst switch we will separate VLAN25 (user traffic) to a separate port. We will use a short jumper to connect this port, which represents outbound traffic from your network, into the VLAN26 port of the Catalyst. This will force the outbound network traffic to flow into your Websense box.
We will then connect the VLAN27 port back into the Mikrotik router to provide a path to the internet. It will be expected that the Websense VM is going to push its traffic from one NIC to the other and that’s something we will need you to verify with the manufacturer.
Let us know if the folks at Websense think this will be an OK implementation and if not, what they recommend.
It seems that there has to be an easier way. Any insights or help would be greatly appreciated!