+ Post New Thread
Results 1 to 9 of 9
East Midlands Broadband Consortium (EMBC) Thread, EMBC & Smoothwall UTM in Regional Broadband Consortiums (RBC); Does anyone have running a smoothwall box working with EMBC as the upstream proxy? I am about to fit a ...
  1. #1
    robk's Avatar
    Join Date
    Nov 2005
    Location
    Ashbourne
    Posts
    654
    Thank Post
    165
    Thanked 124 Times in 103 Posts
    Blog Entries
    1
    Rep Power
    47

    EMBC & Smoothwall UTM

    Does anyone have running a smoothwall box working with EMBC as the upstream proxy?

    I am about to fit a smoothwall UTM, to replace our existing on site proxy, and several internal firewalls (for wireless etc), after a chat with the ever helpful Gavin from Smoothwall I think is should work, but, I was wondering if anyone had this up and running!

    We don`t want to get rid of our on site filtering, as we don`t trust embc too much! However, I don`t want to go too much off the standard network build.

    Anyone done anything simalar?

    Thanks

    RobK

  2. #2

    GrumbleDook's Avatar
    Join Date
    Jul 2005
    Location
    Gosport, Hampshire
    Posts
    9,881
    Thank Post
    1,316
    Thanked 1,738 Times in 1,087 Posts
    Blog Entries
    19
    Rep Power
    563
    Yes thanks :-)

    To stay as close to SNC as possible you should run any firewall / proxy in routed mode so you are not making use of NAT. This still allows for things like SSO, PCF, etc ... I have been meaning to chat to Tom and Gav about sorting out docs for this within East Mids ... I'll finally get round to it now. Thanks for the nudge.

  3. Thanks to GrumbleDook from:

    robk (20th November 2008)

  4. #3
    robk's Avatar
    Join Date
    Nov 2005
    Location
    Ashbourne
    Posts
    654
    Thank Post
    165
    Thanked 124 Times in 103 Posts
    Blog Entries
    1
    Rep Power
    47
    Quote Originally Posted by GrumbleDook View Post
    Yes thanks :-)

    To stay as close to SNC as possible you should run any firewall / proxy in routed mode so you are not making use of NAT. This still allows for things like SSO, PCF, etc ... I have been meaning to chat to Tom and Gav about sorting out docs for this within East Mids ... I'll finally get round to it now. Thanks for the nudge.
    Ah thanks for that, Tony, if you can get it to work then the story I heard about problems with embc services being affected my well be miss informed....

    If you would like me to try out any docs I hope to be trialing a UTM in the next week or so.

    Robk

  5. #4

    GrumbleDook's Avatar
    Join Date
    Jul 2005
    Location
    Gosport, Hampshire
    Posts
    9,881
    Thank Post
    1,316
    Thanked 1,738 Times in 1,087 Posts
    Blog Entries
    19
    Rep Power
    563
    The main problem is when people don't know hat to configure things properly, use NAT or forget to tell first line that they are running an internal box when they have problems. I am not saying things are perfect and can be a tad awkward ... but hey ... if it all worked all the time then where would that get us?

  6. #5


    tom_newton's Avatar
    Join Date
    Sep 2006
    Location
    Leeds
    Posts
    4,448
    Thank Post
    865
    Thanked 839 Times in 662 Posts
    Rep Power
    194
    Guess if we get it right ahead of time, and doc up what we have done, it should improve the situation...

  7. #6
    Divaldo's Avatar
    Join Date
    Feb 2008
    Location
    Leicestershire
    Posts
    75
    Thank Post
    23
    Thanked 3 Times in 3 Posts
    Rep Power
    13

    Smoothwall Using EMBC as upstream proxy

    Hi,

    Did anyone have any joy with this? I have a Smoothwall box configured with an EMBC-friendly external IP to save us having to change our internal IP range.

    I'd like to be able to use the Smoothwall box to do our content filtering ie point internal clients to this for their proxy server, and then point the smoothwall to the EMBC proxy.

    I can't seem to get this to work though. If i set the embc proxy on an internal client and allow direct web access through Smoothwall i can get online, but obviosuly this bypasses the Smoothwall filtering.

    Within the 'Web Proxy' settings on Smoothwall, in the 'Remote Proxy' box i have filled in the embc details, pointed my clients at the smoothwall but they are then unable to get online.

    Does anyone have any ideas?

    Thanks,

    David.

  8. #7


    tom_newton's Avatar
    Join Date
    Sep 2006
    Location
    Leeds
    Posts
    4,448
    Thank Post
    865
    Thanked 839 Times in 662 Posts
    Rep Power
    194
    Not sure why Smoothie doesn't like EMBC as upstream, but I do know that EMBC prefer not to do that.

    One way to do it would be to proxy.pac most sites through Guardian and some through EMBC proxies.

    AFAIK, from my conversations with el Tonerino, EMBC don't particularly appreciate NAT, or proxying before EMBC controlled sites. They also don't like you using them as an "upstream proxy" because it knackers their proxy load balancing, so I would avoid doing that. No good reason to do so in any case.

  9. Thanks to tom_newton from:

    Divaldo (8th December 2008)

  10. #8

    GrumbleDook's Avatar
    Join Date
    Jul 2005
    Location
    Gosport, Hampshire
    Posts
    9,881
    Thank Post
    1,316
    Thanked 1,738 Times in 1,087 Posts
    Blog Entries
    19
    Rep Power
    563
    It should work but there are limitations depending on what you want to do.

    By having all traffic go through your Smoothie it appears that all traffic from your network originates from the one box ... it isn't essential that this has a public address to be honest but more about that later.

    Within your NetSweeper setup you need to make sure that you are not using portal controlled filtering or any groups. Your filters effectively need to be transparent to work. I would also say that you need to have Local Control of Filtering to make sure you can create some of the exceptions or additions to white / black lists.

    You *will* lose out on the work the is going on for Single Sign On, which will affect you as a School Admin even if thoings don't affect your users. This could also have knock on effects for your VLE or other portals hosted externally (hence Tom's suggestion for the use of .pac files to allow use of Smoothwall for some sites and EMBC for others).

    Tom and I have talked about how we can set up Smoothwall in routed mode to ensure that you get the best of both worlds (this goes for those with other inline boxes for filtering / cache / firewall) and I would be happy to chat to folks in Northants about trying a few things out. The important thing to remember that this is not an alternative to EMBC filters, but an addition.

  11. #9


    tom_newton's Avatar
    Join Date
    Sep 2006
    Location
    Leeds
    Posts
    4,448
    Thank Post
    865
    Thanked 839 Times in 662 Posts
    Rep Power
    194
    Would be happy to arrange a meeting of minds at BETT if we can get Tony, and a few EMBC bods about. We will do our utmost to support folks in this position.

SHARE:
+ Post New Thread

Similar Threads

  1. EMBC past, present & future.
    By kmount in forum East Midlands Broadband Consortium (EMBC)
    Replies: 17
    Last Post: 25th September 2008, 11:56 AM
  2. qik.com & embc
    By russdev in forum General Chat
    Replies: 6
    Last Post: 23rd April 2008, 10:55 PM
  3. ISA Server 2006 & EMBC - web filtering
    By Modey in forum Wireless Networks
    Replies: 7
    Last Post: 23rd April 2008, 11:28 AM
  4. EMBC & Logmein
    By SpuffMonkey in forum Wireless Networks
    Replies: 17
    Last Post: 29th March 2007, 10:30 AM

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •