# Gateway http anti-virus filtering with router/proxy/something?



## Bruco (Dec 9, 2009)

Here's my situation:

I have a Cisco ASA 5510 as my gateway.  I do NOT have the content filtering licensing for it (CSC-SSM).  Nor are there plans for my company to purchase it.  However, I would like, if nothing else, anti-virus at the gateway.  Since we aren't going to buy anything I'd like to demonstrate the benefits of open source to the company.  And I like FreeBSD.  So I thought I'd try to put together a solution using it.

Now, I've read a lot about using Cisco WCCP and a transparent squid proxy and I think that combined with something like HAVP that would work.  However, it IS a little over-complicated for me: I have no need for the caching that a proxy provides.  I really would just like http traffic to be scanned for viruses/malware, and if found for the data stream to be stopped.

So, has anyone put a solution like this together?  Could I use something like HAVP and put it between my Cisco and the ISP router as the next hop for my Cisco?  If so, will it pass through non-http traffic without a fuss?  Could I combine pfsense with an anti-virus port and put it in front of my Cisco?  Anything other options?

Any and all suggestions are welcome.  Thank you.


----------



## HaydenHarnet (Aug 1, 2010)

plz let us know if you have find a solution , it sound great idea


----------

