+ Post New Thread
Results 1 to 7 of 7
Internet Related/Filtering/Firewall Thread, Getting rid of firewall and Websense totally! in Technical; Hi all I'd be grateful to see what others think of this: We currently use TMG and Websense and have ...
  1. #1

    Join Date
    Mar 2012
    Location
    Devon
    Posts
    225
    Thank Post
    0
    Thanked 16 Times in 15 Posts
    Rep Power
    12

    Getting rid of firewall and Websense totally!

    Hi all

    I'd be grateful to see what others think of this:

    We currently use TMG and Websense and have done for years. The clients that connect out through this are W7-based devices connected to my network and authenticated by AD.

    What we are increasingly finding is devices like IPads, Surface RTs, etc don't work very well behind an authenticated proxy so we've been looking at getting another device to sit alongside the TMG box.

    Also, our ISP is SWGFL.

    This has lead to a meeting I've just had with my principal where has questioned the need for the firewall and web filtering and asked why we cannot just ditch both and rely on the SWGFL filtering service and firewall (as a way of saving money).

    I know we originally set up Websense as there were (many years ago) problems with the SWGFL service. We originally set up a firewall to 'protect' us from other schools who use SWGFL and share our IP range assigned through them.

    Now I can see the benefit of getting shot of Websense, but getting rid of our firewall makes me feel very uneasy (even though it would make my life much easier in relation to unauthenticated proxy).

    So, I'm just seeing what my fellow Edugeekers who have a set up similar to the above do (and would you argue for keeping the firewall or not?)

    Thanks all

    Paul

  2. #2

    Michael's Avatar
    Join Date
    Dec 2005
    Location
    Birmingham
    Posts
    9,262
    Thank Post
    242
    Thanked 1,568 Times in 1,250 Posts
    Rep Power
    340
    Are you sure SWGFL don't separate schools using VLANs? It'd be very surprised if they didn't, as it could mean viruses/malware (in a worse case scenario) hopping from one network to the next.

    So long as there's a firewall in place somewhere then you should be OK, but it is nice to be able to manage your own firewall.

  3. #3
    MicrodigitUK's Avatar
    Join Date
    May 2007
    Location
    Wiltshire
    Posts
    334
    Thank Post
    37
    Thanked 55 Times in 51 Posts
    Rep Power
    24
    We are on the SWGfL and have Smoothwall on top of that.

    Smoothwall WITH 802.1X authentication works perfectly and transparently for BYOD.

    Then traditional NTLM and Kerberos can be done on the Smoothwall for the traditional networked PC's and Apple Macs.

    SWGfL do have a transparent proxy but you will loose the per user audit trail, as SWGfL don't log per user.

  4. Thanks to MicrodigitUK from:

    tom_newton (10th February 2014)

  5. #4

    Join Date
    Mar 2012
    Location
    Devon
    Posts
    225
    Thank Post
    0
    Thanked 16 Times in 15 Posts
    Rep Power
    12
    I think my principal's idea is to get rid of everything and just rely on SWGFL.

    I'm not sure why we were set up this way originally (old NM long gone with zero documentation) but I suspect (and hope) SWGFL's offerings have improved since then.

    I don't know about SWGFL VLANs either. If they are set up then it would allay my fears a bit and I think my principal would be happy with losing per-user logging due to the large monetary saving.

  6. #5
    Boredguy's Avatar
    Join Date
    Jun 2011
    Location
    Swindon
    Posts
    574
    Thank Post
    3
    Thanked 130 Times in 121 Posts
    Rep Power
    50
    Our SWGfL connection used to allow access to other schools IP ranges (made supporting our local primary very handy) but disappeared about 3 years go.

    We are purely using the upstream Safetynet for our filtering provision with the transparent option enabled as we also have Impero to log the website access on the workstations.
    At present only our staff BYoD devices have the transparent proxy as their primary connection type as we still force all other connections via the normal SWGfL proxy address.

    Must admit I fail to see how sending traffic via normal or transparent proxy will stop SWGfL from generating logs for users since it will still have IP address assigned regardless... then again from feedback from another site they have never managed to get any log files from SWGfL to resolve an issue.

  7. #6

    Oaktech's Avatar
    Join Date
    Jul 2011
    Location
    Bournemouth
    Posts
    2,806
    Thank Post
    774
    Thanked 547 Times in 427 Posts
    Rep Power
    260
    I'd be terrified of using just SWGFL, having now been independent of them for 6 months. The SWGFL filtering is, at best, not logical, and the firewall admin is slow and patchy. We've previously had to wait for six weeks to have a bi-di port opened, and then they got it wrong the first 2 times they tried.

  8. #7
    Boredguy's Avatar
    Join Date
    Jun 2011
    Location
    Swindon
    Posts
    574
    Thank Post
    3
    Thanked 130 Times in 121 Posts
    Rep Power
    50
    Firewall modifications have always been reasonable quick when you consider it's RMI doing some of the modifications, although I did have a few backwards and forwards attempts when getting IMAP opened up purely for the Microsoft Datacentres last summer but that only took a week in total.

    Their filtering solution might not be the most advanced out there, but it does what it claims to do. No web filtering solution is every 100% perfect, but it just depends on how much you want to invest in it.

SHARE:
+ Post New Thread

Similar Threads

  1. Replies: 0
    Last Post: 15th January 2014, 07:31 PM
  2. Replies: 3
    Last Post: 13th April 2011, 09:03 AM
  3. Getting rid of old PC's (they don't work and have been water damaged)
    By Ben_Stanton in forum How do you do....it?
    Replies: 22
    Last Post: 16th June 2009, 08:59 AM
  4. Get rid of register and lost password
    By FN-GM in forum EduGeek Joomla 1.0 Package
    Replies: 6
    Last Post: 17th December 2007, 07:51 AM
  5. Replies: 8
    Last Post: 31st October 2007, 04:18 PM

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •