East Midlands Broadband Consortium (EMBC) Thread, EMBC & Smoothwall UTM in Regional Broadband Consortiums (RBC); Does anyone have running a smoothwall box working with EMBC as the upstream proxy?
I am about to fit a ...
20th November 2008, 06:52 PM #1
EMBC & Smoothwall UTM
Does anyone have running a smoothwall box working with EMBC as the upstream proxy?
I am about to fit a smoothwall UTM, to replace our existing on site proxy, and several internal firewalls (for wireless etc), after a chat with the ever helpful Gavin from Smoothwall I think is should work, but, I was wondering if anyone had this up and running!
We don`t want to get rid of our on site filtering, as we don`t trust embc too much! However, I don`t want to go too much off the standard network build.
Anyone done anything simalar?
IDG Tech News
20th November 2008, 09:19 PM #2
Yes thanks :-)
To stay as close to SNC as possible you should run any firewall / proxy in routed mode so you are not making use of NAT. This still allows for things like SSO, PCF, etc ... I have been meaning to chat to Tom and Gav about sorting out docs for this within East Mids ... I'll finally get round to it now. Thanks for the nudge.
Thanks to GrumbleDook from:
robk (20th November 2008)
20th November 2008, 10:07 PM #3
Ah thanks for that, Tony, if you can get it to work then the story I heard about problems with embc services being affected my well be miss informed....
Originally Posted by GrumbleDook
If you would like me to try out any docs I hope to be trialing a UTM in the next week or so.
20th November 2008, 11:46 PM #4
The main problem is when people don't know hat to configure things properly, use NAT or forget to tell first line that they are running an internal box when they have problems. I am not saying things are perfect and can be a tad awkward ... but hey ... if it all worked all the time then where would that get us?
21st November 2008, 08:53 AM #5
Guess if we get it right ahead of time, and doc up what we have done, it should improve the situation...
8th December 2008, 11:02 AM #6
Smoothwall Using EMBC as upstream proxy
Did anyone have any joy with this? I have a Smoothwall box configured with an EMBC-friendly external IP to save us having to change our internal IP range.
I'd like to be able to use the Smoothwall box to do our content filtering ie point internal clients to this for their proxy server, and then point the smoothwall to the EMBC proxy.
I can't seem to get this to work though. If i set the embc proxy on an internal client and allow direct web access through Smoothwall i can get online, but obviosuly this bypasses the Smoothwall filtering.
Within the 'Web Proxy' settings on Smoothwall, in the 'Remote Proxy' box i have filled in the embc details, pointed my clients at the smoothwall but they are then unable to get online.
Does anyone have any ideas?
8th December 2008, 11:35 AM #7
Not sure why Smoothie doesn't like EMBC as upstream, but I do know that EMBC prefer not to do that.
One way to do it would be to proxy.pac most sites through Guardian and some through EMBC proxies.
AFAIK, from my conversations with el Tonerino, EMBC don't particularly appreciate NAT, or proxying before EMBC controlled sites. They also don't like you using them as an "upstream proxy" because it knackers their proxy load balancing, so I would avoid doing that. No good reason to do so in any case.
Thanks to tom_newton from:
Divaldo (8th December 2008)
8th December 2008, 04:25 PM #8
It should work but there are limitations depending on what you want to do.
By having all traffic go through your Smoothie it appears that all traffic from your network originates from the one box ... it isn't essential that this has a public address to be honest but more about that later.
Within your NetSweeper setup you need to make sure that you are not using portal controlled filtering or any groups. Your filters effectively need to be transparent to work. I would also say that you need to have Local Control of Filtering to make sure you can create some of the exceptions or additions to white / black lists.
You *will* lose out on the work the is going on for Single Sign On, which will affect you as a School Admin even if thoings don't affect your users. This could also have knock on effects for your VLE or other portals hosted externally (hence Tom's suggestion for the use of .pac files to allow use of Smoothwall for some sites and EMBC for others).
Tom and I have talked about how we can set up Smoothwall in routed mode to ensure that you get the best of both worlds (this goes for those with other inline boxes for filtering / cache / firewall) and I would be happy to chat to folks in Northants about trying a few things out. The important thing to remember that this is not an alternative to EMBC filters, but an addition.
8th December 2008, 04:56 PM #9
Would be happy to arrange a meeting of minds at BETT if we can get Tony, and a few EMBC bods about. We will do our utmost to support folks in this position.
By kmount in forum East Midlands Broadband Consortium (EMBC)
Last Post: 25th September 2008, 11:56 AM
By russdev in forum General Chat
Last Post: 23rd April 2008, 10:55 PM
By Modey in forum Wireless Networks
Last Post: 23rd April 2008, 11:28 AM
By SpuffMonkey in forum Wireless Networks
Last Post: 29th March 2007, 10:30 AM
Users Browsing this Thread
There are currently 1 users browsing this thread. (0 members and 1 guests)