Actually, going in a different direction, you could also consider Cisco Meraki Secure Connect (a SASE play). https://documentation.meraki.com/CiscoPlusSecureConnect With this solution you throw away your existing web filter and you use Cisco Umbrella instead (a cloud-based solution). This is a comprehensive filtering, auditing and logging platform. You add two new "virtual MXs" (which are actually Umbrella data centres), and your default route points to them instead. All your Internet traffic then flows directly from each site to Cisco Umbrella (in the cloud) for filtering. As a bonus, you can also install an agent on machines, mobile devices, etc, that provides this same level of protection, auditing and filtering, no matter where they are (for example, it continues to work when they are home).
... View more
