I am potentially looking at building Web Gateway (virtual edition), and in reading through the online features I see that it supports several network configuration (inline, simple inline, port span/tap, inline + proxy, proxy, etc.).
The primary purpose of this device is to (a) authenticate users (preferably automatically) before they can access the internet. If the user doesn't belong to a specific group in our AD, then they don't get access to the internet... and (b) have the device do URL filtering (If any user tries to access gambling web sites for example, they are blocked).
This being said, can the Symantec Web Gateway be configured through the type of network configurations where computer/user web browsers don't have to have proxy server/port settings configured and pointing to this Web Gateway server before they can access the internet?
For example, a WebSense deployment listens for web traffic, intercepts it, authenticates and filters the requests, then sends the request out to the internet. There is no configuration (manual or automatic) required of the user's web browser proxy settings that are required in this deployment to gain internet access. This is the type of deployment of a Web Gateway we are looking for. On the other hand, Microsoft's ForeFront TMG server requires that either the user's web browser proxy settings be configured and pointed to the ForeFront TMG server before the user can get access to the internet, or a TMG client be installed on all computers. We don't want to have to manually (or even through automatic means) configure user's web browser proxy settings.
So for the various network configuration deployments listed above for the Web Gateway... is there a network configuration which once implemented will emulate what a WebSense deployment would do, where it listens for or intercepts web traffic (or other types of traffic) on the network, authenticates it and filters it, before sending those web requests off to the internet?