I have multiple locations that will be set up with internet T-1 circuits in the near future. The telco will be providing Cisco 1721 routers, and I was thinking about installing a PIX 501 at most locations and a 506e at my corporate office. What I would like to do is force all internet traffic to the corporate office, where I can set up a proxy server to filter web access. Is this feasible, or do I need to look into doing this another way? There are no more than 15 users at the largest location and 3-4 users at the smaller locations. I have 9 locations in all.
example, instead of PIX devices in remote sites, choose a router with firewall capabilities (more economical), and set up GRE tunnels over IPsec between each remote site and the central site (hub and spoke), or for redundancy you can mesh each remote site together, setting up more GRE tunnels over IPsec to the central site.
So you force the entire traffic path for every remote site to go towards the central site with a static default route pointing to the central site tunnel interface, and after checking the desired servers, it goes to the internet.
Many large corporations with centralized resources use this design: easy, secure, and cheaper.
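A spoke-side Cisco IOS configuration for the hub-and-spoke design described in the answer above, added here as an example and not taken from the original posts. All addresses (RFC 5737 documentation ranges), the interface name `Serial0`, the names `GRE-TS` and `GRE-PROT`, and the key placeholder are assumptions, as is an IOS image with the crypto feature set that supports these algorithms.

```cisco
! Spoke router. Constructed values:
!   hub public address      203.0.113.1
!   spoke ISP next hop      198.51.100.1
!   tunnel subnet           10.255.0.0/30 (hub .1, spoke .2)
!
! IKE phase 1 policy and pre-shared key for the hub peer only
crypto isakmp policy 10
 encryption aes 256
 hash sha
 authentication pre-share
 group 14
crypto isakmp key <PRE-SHARED-KEY> address 203.0.113.1
!
! Transport mode is enough because GRE already supplies the outer header
crypto ipsec transform-set GRE-TS esp-aes 256 esp-sha-hmac
 mode transport
!
crypto ipsec profile GRE-PROT
 set transform-set GRE-TS
!
! GRE tunnel to the central site, encrypted by the IPsec profile
interface Tunnel0
 ip address 10.255.0.2 255.255.255.252
 tunnel source Serial0
 tunnel destination 203.0.113.1
 tunnel protection ipsec profile GRE-PROT
!
! Host route for the hub's public address via the ISP. Without it the
! tunnel destination would resolve through the default route below,
! i.e. through the tunnel itself, and the tunnel would go down.
ip route 203.0.113.1 255.255.255.255 198.51.100.1
!
! Everything else is forced to the central site through the tunnel
ip route 0.0.0.0 0.0.0.0 Tunnel0
```

Because the only route out of the spoke that bypasses the tunnel is the host route to the hub, user traffic cannot reach the internet directly and has to pass the filtering at the central site.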