Sure, here are some steps:
The Network Prevent server can respond with yes or no. It can also give a "modify" response so that the bad content is replaced with filler text. So instead of seeing:
Hi guys, here is the account number and credit card information I got for you:
Chadwell |
Quintin |
7/24/1977 |
Mastercard |
5274 5763 9425 9961 |
Jan-2014 |
678226614706 |
Chalker |
Lanny |
10/7/1982 |
Mastercard |
5301 7455 2913 8831 |
Oct-2014 |
057210723072 |
Chesser |
Orlando |
9/12/1941 |
Discover |
6011 6874 8256 4166 |
Apr-2015 |
086565019453 |
They will see:
Hi guys, here is the account number and credit card information I got for you:
--Content has been removed as it has violated data policy--
As for processing delay, that depends on the ability of the ISA server and Network Prevent server. I thought I saw official numbers say that with a regular network card you get somewhere aroun 100-200 Mbps of traffic throughput but I can't find the document. If you use an Endace network card then that can go up to about 900Mbps.
For many deployments the regular NIC should be fine unless you're deploying for more than 10,000 people. Also, Symantec recommends that you have 2 NICs on the Network Prevent. One for talking to ISA and one for talking to Enforce.
Be sure to get a good idea of the traffic in the environment before deploying to the customer.