> It's not a matter of being expensive or not.
> I just don't want to setup proxy servers on all locations we provide
> We have too many locations and many of them just don't have/want the space
> provided to put an extra box.
> Also, a single machine on each location is hard to manage.
> We manage everything as central as we can and we like to keep it that way.
I am wondering if as NAT redirect could send all web traffic to a
central proxy elsewhere on the net... Of course, this does nothing for
https, and the law will make no distinction.
Another option would be to set up a enterprise wide VPN, and have
EVERYTHING use a central DNS server at your home location. Then track
DNS lookups, and assume that people are connecting with something.
But all this will depend on what exactly is required in the law.