+ Post New Thread
Page 9 of 10 FirstFirst ... 5678910 LastLast
Results 121 to 135 of 143
Internet Related/Filtering/Firewall Thread, Lightspeed vs Smoothwall in Technical; Originally Posted by Eappariello There is full blown proxy service on the rocket appliance that you can use for MinM ...
  1. #121

    Join Date
    Nov 2011
    Posts
    217
    Thank Post
    260
    Thanked 23 Times in 19 Posts
    Rep Power
    11
    Quote Originally Posted by Eappariello View Post
    There is full blown proxy service on the rocket appliance that you can use for MinM HTTPS interception. We also use it for the MDM global proxy payload on IOS. It will log and block etc HTTPS the same as HTTP traffic.
    I am sorry to have missed that then - the demo unit was a bottle rocket, so that is probably where the misunderstanding arose. It probably would not have been enough, but it might have swung our decision.

    I did feel lacking in information on technical detail for Lightspeed - a lot of the wiki seems to be customer only. It would be helpful if you could put an easily accessible page of technical specifications and features with a comparison of the different models. Maybe one already exists and I missed it as well!


    Quote Originally Posted by Geoff View Post
    Did you try the security forum? I'd bet/hope that would set smoothwall off. There's information in the threads in there you absolutely do not want you little darlings reading lest they lay waste to your network.
    Did a quick test and it seems not, but I am not quite sure what category the security forum would be blocked under - proxy bypass maybe? I would be surprised about it being blocked under any dynamic filtering though - working out automatically that that content is sensitive seems as if it would be pretty tough. Easy to block the security forum manually of course, but then we have web forums as a category blocked for pupils.

  2. Thanks to Jollity from:

    Eappariello (30th March 2013)

  3. #122
    Eappariello's Avatar
    Join Date
    Jan 2007
    Location
    London
    Posts
    72
    Thank Post
    41
    Thanked 16 Times in 14 Posts
    Rep Power
    18
    Quote Originally Posted by Jollity View Post
    I am sorry to have missed that then - the demo unit was a bottle rocket, so that is probably where the misunderstanding arose. It probably would not have been enough, but it might have swung our decision.

    I did feel lacking in information on technical detail for Lightspeed - a lot of the wiki seems to be customer only. It would be helpful if you could put an easily accessible page of technical specifications and features with a comparison of the different models. Maybe one already exists and I missed it as well!
    All of the rocket appliances run the same code, from the bottle rocket to the 10GB rocket, so all features are the same on every hardware model, its just a matter of throughput.
    Thanks for the feedback however, I will endeavour to see if we can improve the Wiki in this area.
    Did you happen to contact support with this question, or attend the free web essentials course, or free training videos ? or was you not informed about them ?

    Thanks again for the feedback
    Simon
    Last edited by Eappariello; 30th March 2013 at 07:51 PM.

  4. #123

    Join Date
    Nov 2011
    Posts
    217
    Thank Post
    260
    Thanked 23 Times in 19 Posts
    Rep Power
    11
    Quote Originally Posted by Eappariello View Post
    Did you happen to contact support with this question, or attend the free web essentials course, or free training videos ? or was you not informed about them ?
    My information about lack of SSL decryption came from the engineer who came to install the demo unit. I questioned the point specifically, and he did not mention the proxy option. However I only realised the full significance for us in terms of logging later on, so I did not push the point as hard as I might have.

    I do not recall being pointed to the web essentials course or web videos, but I may have forgotten. However, pre-sale when I am trying to compare different options and get as much of a complete overview as quickly as possible, personally I find video a rather slow way to learn about a product. So had I known about the videos, I would probably have skipped through some but not watched them all.

  5. Thanks to Jollity from:

    Eappariello (31st March 2013)

  6. #124
    Eappariello's Avatar
    Join Date
    Jan 2007
    Location
    London
    Posts
    72
    Thank Post
    41
    Thanked 16 Times in 14 Posts
    Rep Power
    18
    Fair points. Thanks for taking the time to give some feedback, we will use it to improve our demo process.

    Quote Originally Posted by Jollity View Post
    My information about lack of SSL decryption came from the engineer who came to install the demo unit. I questioned the point specifically, and he did not mention the proxy option. However I only realised the full significance for us in terms of logging later on, so I did not push the point as hard as I might have.

    I do not recall being pointed to the web essentials course or web videos, but I may have forgotten. However, pre-sale when I am trying to compare different options and get as much of a complete overview as quickly as possible, personally I find video a rather slow way to learn about a product. So had I known about the videos, I would probably have skipped through some but not watched them all.

  7. #125


    AMLightfoot's Avatar
    Join Date
    Feb 2011
    Location
    Hampshire, England
    Posts
    2,136
    Thank Post
    370
    Thanked 615 Times in 392 Posts
    Rep Power
    250
    It might be of interest to note that we see dynamic content analysis come to the fore in sites like Yahoo Mail where the users news feed might show objectionable content when they log in. On the face of it, yahoo mail is a webmail site in the webmail category, but we do see it blocked based on content - most commonly Gambling and Porn based on the ads and news feeds on the landing page. Of course most of the time you won't see this but periodically we see customers baffled by why the block page appears for something 'normal' like yahoo mail and when you drill into the log you find out it was blocked on content.

    You'll see it too in sites that randomly generate content when the random generator puts together something that triggers a content block. I can't point you to one though as the nature of it is random.

  8. Thanks to AMLightfoot from:

    Jollity (10th April 2013)

  9. #126

    Join Date
    Nov 2011
    Posts
    217
    Thank Post
    260
    Thanked 23 Times in 19 Posts
    Rep Power
    11
    Page 9 (only) of this thread is now being categorised by the Smoothwall content filter under web proxies and blocked. I don't think it likes being criticised.

  10. #127

    glennda's Avatar
    Join Date
    Jun 2009
    Location
    Sussex
    Posts
    7,799
    Thank Post
    272
    Thanked 1,134 Times in 1,030 Posts
    Rep Power
    349
    Quote Originally Posted by Jollity View Post
    Page 9 (only) of this thread is now being categorised by the Smoothwall content filter under web proxies and blocked. I don't think it likes being criticised.
    I would more expect it to be this

    Did a quick test and it seems not, but I am not quite sure what category the security forum would be blocked under - proxy bypass maybe? I would be surprised about it being blocked under any dynamic filtering though - working out automatically that that content is sensitive seems as if it would be pretty tough. Easy to block the security forum manually of course, but then we have web forums as a category blocked for pupils.
    And this

    My information about lack of SSL decryption
    Reading this page and taking those key words you could be looking at a forum which is telling you how to bypass filtering.

  11. #128

    Join Date
    Nov 2011
    Posts
    217
    Thank Post
    260
    Thanked 23 Times in 19 Posts
    Rep Power
    11
    Quote Originally Posted by glennda View Post
    Reading this page and taking those key words you could be looking at a forum which is telling you how to bypass filtering.
    That does sound more likely than it being programmed to feel insulted. I was not criticising the filtering of the page - I agree the content makes it suspicious. I just found the coincidence amusing.
    Last edited by Jollity; 11th April 2013 at 10:05 AM. Reason: Typo

  12. Thanks to Jollity from:

    tom_newton (11th April 2013)

  13. #129
    mrbios's Avatar
    Join Date
    Jun 2007
    Location
    Stroud, Gloucestershire
    Posts
    2,450
    Thank Post
    349
    Thanked 255 Times in 210 Posts
    Rep Power
    98
    Quote Originally Posted by Jollity View Post
    That does sound more likely than it being programmed to feel insulted. I was not criticising the filtering the page - I just found it amusing.
    Tempting to put "Proxy bypass" in my sig now, smoothwall should, i assume, block every page i ever post on

  14. #130


    tom_newton's Avatar
    Join Date
    Sep 2006
    Location
    Leeds
    Posts
    4,462
    Thank Post
    866
    Thanked 845 Times in 667 Posts
    Rep Power
    195
    Quote Originally Posted by mrbios View Post
    Tempting to put "Proxy bypass" in my sig now, smoothwall should, i assume, block every page i ever post on
    Not quite that simple... though I believe there is a test string that's always blocked somewhere in the blocklists.

  15. #131

    Join Date
    May 2010
    Posts
    1,017
    Thank Post
    105
    Thanked 76 Times in 62 Posts
    Rep Power
    47
    Thought I'd dig this thread up a year later.

    Those who have made the switch from Smoothwall to Lightspeed, what are your experiences ? Are you happy ? regrets ?

  16. Thanks to caffrey from:

    psydii (4th May 2014)

  17. #132

    synaesthesia's Avatar
    Join Date
    Jan 2009
    Location
    Northamptonshire
    Posts
    5,875
    Thank Post
    574
    Thanked 998 Times in 770 Posts
    Blog Entries
    15
    Rep Power
    461
    Also interested in this. We've had *countless* demos, webinars, do's, dont's etc of Lightspeed and still it would be apparent that Smoothwall is the preferred product even now. However that's just how it comes across...

  18. #133

    Join Date
    May 2010
    Posts
    1,017
    Thank Post
    105
    Thanked 76 Times in 62 Posts
    Rep Power
    47
    The school has been using smoothwall for a long time now and I've seen it grow, reading back through this thread, a lot of the things smoothwall mentioned haven't materialised in a year since the thread was started (reporting etc.) the layer 7 addition got released without any fanfares and is a paid addon module at 500 quid, I've a demo of it but I can't find any news or information on how to use it (its in outgoing ports and I can't appear to get it to work) I could open a ticket to get info or make a post on the smoothwall forum here - which I did but got totally ignored. The school is gearing up to BYOD and iPads more and more and I'm just feeling out of control with the filtering (students running rampant with private VPN's and other apps) most app traffic is unmonitored as far as I can tell. I need a product more in line with this.

  19. #134


    AMLightfoot's Avatar
    Join Date
    Feb 2011
    Location
    Hampshire, England
    Posts
    2,136
    Thank Post
    370
    Thanked 615 Times in 392 Posts
    Rep Power
    250
    Quote Originally Posted by caffrey View Post
    The school has been using smoothwall for a long time now and I've seen it grow, reading back through this thread, a lot of the things smoothwall mentioned haven't materialised in a year since the thread was started (reporting etc.) the layer 7 addition got released without any fanfares and is a paid addon module at 500 quid, I've a demo of it but I can't find any news or information on how to use it (its in outgoing ports and I can't appear to get it to work) I could open a ticket to get info or make a post on the smoothwall forum here - which I did but got totally ignored. The school is gearing up to BYOD and iPads more and more and I'm just feeling out of control with the filtering (students running rampant with private VPN's and other apps) most app traffic is unmonitored as far as I can tell. I need a product more in line with this.
    In terms of reporting one of the biggest challenges you would have faced was performance simply because the SQL system that was in the original product couldn't cope with the increase in scale of traffic flow and reporting needs. We've released a massive change to the reporting system that totally changes how it indexes and the result is much much faster reporting. The aim was to make this as seamless and 'invisible' as possible so it is possible you may not even have noticed it happening. Now we have resolved the 'back end' situation with running reports we can address the front end usability and this is work in progress. I have personally been involved in the first phase of the reporting revamp and @ibpalle and I are really excited about what's coming. We expect there will be a number of small revisions as time goes on to better adapt the reporting system for the needs of our customers.

    As far as the layer 7 module goes, this should fit in seamlessly with your port rules and be configured under the Networking > Outgoing > Ports, find the port rule you want to edit and click 'Edit' on the 'Blocked Services' entry. This will take you to an 'Edit Services' screen where you can use the Layer 7 content to block services.

    It is not possible to allow services based on these as the problem is identifying them. The way it works is to perform deep packet inspection and often traffic can only be categorised once an initial handshake has been processed. So your client might say hello to a P2P service but can't then send or receive traffic. The inbuilt Manual accessed using the 'Help' or '?' buttons has configuration information for this under the title 'Managing Blocked Services'.

    App traffic doesn't always behave in a standard way and add into that complications from HTTPS and you have a bit of a minefield. A big part of effectively filtering mobile devices is Authentication. If you're using captive portal then apps aren't ever going to play nice with it because captive portals are browser based and most apps don't interface with the browser at all. The next snag you hit with apps is SNI - they aren't browser based so the applications have to be written to support SNI and lots of them aren't which is a problem when trying to intercept HTTPS. A lot of traffic goes out over HTTPS these days so a lot of this is going to be damage limitation. Private VPNs are a firewall issue more than a filtering one so it might be worth bringing down an iron curtain and blocking all outgoing traffic on all ports then taking each request as it comes.

    The Smoothwall Support forum on this board is a peer support forum rather than an official support channel - our support engineers cannot prioritise posts on Edugeek over support tickets so if you are experiencing an issue with your Smoothwall product we always recommend that you log a support ticket in line with your Support agreement rather than relying on an engineer seeing your post as many simply are not able to spend time on this board.

  20. #135
    zag
    zag is offline
    zag's Avatar
    Join Date
    Mar 2007
    Posts
    3,762
    Thank Post
    897
    Thanked 416 Times in 350 Posts
    Blog Entries
    12
    Rep Power
    86
    Quote Originally Posted by AMLightfoot View Post
    In terms of reporting one of the biggest challenges you would have faced was performance simply because the SQL system that was in the original product couldn't cope with the increase in scale of traffic flow and reporting needs. We've released a massive change to the reporting system that totally changes how it indexes and the result is much much faster reporting. The aim was to make this as seamless and 'invisible' as possible so it is possible you may not even have noticed it happening. Now we have resolved the 'back end' situation with running reports we can address the front end usability and this is work in progress. I have personally been involved in the first phase of the reporting revamp and @ibpalle and I are really excited about what's coming. We expect there will be a number of small revisions as time goes on to better adapt the reporting system for the needs of our customers.
    Thats great news! I've found the smoothwall reporting system to be miserably slow and just about useless in real world situations where I've had to present data to our SMT members.

    Please consider making the reports more "human readable" and in line with what school managers would want to see.

    The user inteface also needs a lot of work, I completly missed how to change the dates on a report as it was such a small box at the top of the screen and not on the report options toolbar. Imo this should all be in the one place.

    Also consider offering the option of SSD drives in your future UTM boxes as this would make creating reports so much quicker.
    Last edited by zag; 6th May 2014 at 11:56 AM.

SHARE:
+ Post New Thread
Page 9 of 10 FirstFirst ... 5678910 LastLast

Similar Threads

  1. Android Tablets vs. Smoothwall/Proxy
    By Gongalong in forum Netbooks, PDA and Phones
    Replies: 2
    Last Post: 10th July 2012, 12:18 PM
  2. Smoothwall Vs Sonicwall
    By SSFC in forum Internet Related/Filtering/Firewall
    Replies: 15
    Last Post: 29th March 2011, 08:41 AM
  3. ISA vs SmoothWall
    By Haux in forum Windows Server 2000/2003
    Replies: 16
    Last Post: 4th December 2009, 06:36 PM

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •