+ Post New Thread
Page 4 of 4 FirstFirst 1234
Results 46 to 52 of 52
Internet Related/Filtering/Firewall Thread, Smoothwall Network Guardian Negatives? in Technical; We had a trial today and are very impressed so we are looking into some hardware to run it on ...
  1. #46
    cookie_monster's Avatar
    Join Date
    May 2007
    Location
    Derbyshire
    Posts
    4,185
    Thank Post
    392
    Thanked 278 Times in 239 Posts
    Rep Power
    74
    We had a trial today and are very impressed so we are looking into some hardware to run it on currently, can someone tell me a bit about the Smoothwall UTM appliance does this cost more than say a licence and general server or does it offer different features?

    Thanks.

  2. #47


    tom_newton's Avatar
    Join Date
    Sep 2006
    Location
    Leeds
    Posts
    4,448
    Thank Post
    865
    Thanked 839 Times in 662 Posts
    Rep Power
    194
    cookie: price wise, you won't find a lot of difference I expect. Feature wise, it is much the same except the UTM has more network i/faces, and they are front mounted. You also don't have to install any software, of course. Personally, I have a hard time choosing which is the best option - which is why we offer both. If you already had hardware or have pre-existing favourable purchasing on hardware... id probably go with that, if you don't the UTM is a nice box!

    Give me a ring tomorrow (am on train home from infosec now!!) if you want to do some pro-ing and con-ing in more detail!

  3. Thanks to tom_newton from:

    cookie_monster (29th April 2009)

  4. #48

    john's Avatar
    Join Date
    Sep 2005
    Location
    London
    Posts
    10,439
    Thank Post
    1,468
    Thanked 1,035 Times in 908 Posts
    Rep Power
    299
    As a UTM Customer (sorted two out now) I didn't notice a real difference in price between buying a decent speced server with the same number of interfaces and performance as the UTM etc. Plus my view point was if Smoothwall sell the UTM and Software then I would hope that its 1110% compatible with it and they always ensure that it is otherwise they will have very angry customers was my view.

  5. #49

    Join Date
    Jun 2009
    Posts
    13
    Thank Post
    1
    Thanked 0 Times in 0 Posts
    Rep Power
    0
    I have only one negative that maybe you guys can help me with. That negative is an apperant incompatibility with Internet Explorer in some areas.

    We are currently evaluating Network Guardian on our server hardware (an HP DL360 G3 with dual xeon 2.8s, dual nics and 4 gb memory.) Last year we used the "lite" version of Surf Control built into our Firewall. It was so bad we had to use monthly "shock and awe" campaigns by scanning the logs for a few violators to scare the kids into thinking that we were watching them all of the time. Not very effective...

    Basic browsing with Internet Explorer (we have tried v7 and v8) works fine. The user authenticates and they get the pages they should and are blocked at the pages they shouldn't.

    But we get a username/password prompt when we try to attach a file to a gmail message. The IP address is that of the Smoothwall server, but no matter what username and password we use, we can't get through. The browser locks up. If we cancel the logon prompt, the attachment simply fails, but the browser doesn't lock up. What is weird is if we log into gmail with https, we have no problems....I guess because we have https intercept turned off. There obviously are workarounds (tell SW to not authenticate/cache on visits to gmail.com or have gmail force https), but I really don't like workarounds.

    Also, if a page is blocked, and I try to allow the site for 30 minutes, I get to the SW login where I enter the admin username and password. After I submit my admin logon credentials, I then get a 400 error page that says "This error (HTTP 400 Bad Request) means that Internet Explorer was able to connect to the web server, but the webpage could not be found because of a problem with the address."


    Several calls to SW support has them blaming Microsoft, which may be true. Firefox doesn't present with these problems, but I cannot force all of my users to switch to firefox. Am I the only one having these issues?

    This is a real shame, because other than these problems, this system and it's reporting is great!

    BTW, I am using Network Guardian 2008 with the latest updates installed and I am authenticating against AD (windows 2003 server) using Kerberos.

    Thanks for any help or further insight.

    Mark

  6. #50
    ICTNUT's Avatar
    Join Date
    Jul 2005
    Location
    Hereford
    Posts
    1,414
    Thank Post
    193
    Thanked 247 Times in 120 Posts
    Rep Power
    61
    Hi Mark,

    I'll try and disect your questions,

    Also, if a page is blocked, and I try to allow the site for 30 minutes, I get to the SW login where I enter the admin username and password. After I submit my admin logon credentials, I then get a 400 error page that says "This error (HTTP 400 Bad Request) means that Internet Explorer was able to connect to the web server, but the webpage could not be found because of a problem with the address."
    The issue here is that you need to add the IP address and/or the FQDN of the smotthwall box to the proxy bypass in IE. What is haapening is that the bypass page is being proxy'd and filtering itself and kind of getting caught in a loop

    But we get a username/password prompt when we try to attach a file to a gmail message. The IP address is that of the Smoothwall server, but no matter what username and password we use, we can't get through. The browser locks up. If we cancel the logon prompt, the attachment simply fails, but the browser doesn't lock up. What is weird is if we log into gmail with https, we have no problems....I guess because we have https intercept turned off. There obviously are workarounds (tell SW to not authenticate/cache on visits to gmail.com or have gmail force https), but I really don't like workarounds.
    Sounds to me like its file security on http for the group that is accessing GMail. I would try the following:
    1 - If GMail is an allowed site see if adding a permanent bypass for the required group will work.
    2 - If you don't want to do this have a look at the smoothwall file security policy to see if that is blocking you.

    Several calls to SW support has them blaming Microsoft, which may be true. Firefox doesn't present with these problems, but I cannot force all of my users to switch to firefox. Am I the only one having these issues?
    Yes and no, IE is quirky and can present problems but most of these can be worked around and I am sure that scores of others that use this product on here (like me) will be able to tell you the same. I have had the same issues you have and have resolved these and more and they have all been to do with IE. The schools we support do not have another browser to use as it is policy ONLY to use IE so we have had to "fix" them.

    What you need to remember is that out of the box "by default" the network garudian install is restrictive, this is by design and will need tweaking to get it right for your school.

    Yes it's easy to install, and do basic configuration but you do need to spend some fine tuning.

    Shout if you need anymore help
    Last edited by ICTNUT; 23rd June 2009 at 07:31 AM.

  7. #51

    rob_f's Avatar
    Join Date
    May 2008
    Location
    Leeds
    Posts
    220
    Thank Post
    15
    Thanked 73 Times in 56 Posts
    Rep Power
    25
    If you're using proxy.pac files/auto-dectection you may get occasional issues with IE cached proxy results (i.e. it thought the proxy wasn't there for a second, so it decided not to use it again).

    https://support.smoothwall.net/index...barticleid=263 is your friend - specifically the GPO User Configuration\Administrative Templates\Windows Components\Internet Explorer\Disable caching of Auto-Proxy scripts.

  8. Thanks to rob_f from:

    whoopus (2nd October 2009)

  9. #52

    Join Date
    Jun 2009
    Posts
    13
    Thank Post
    1
    Thanked 0 Times in 0 Posts
    Rep Power
    0
    Thank you, thank you, thank you!!! This one has really been killing me. I saw your post when you made it, but then got distracted with other issues and forgot about the fix. I then rolled out 210 student laptops and it has been a complete nightmare for the past three weeks. Changing to persistent connections and transparent proxy fixed the gmail attachment issue (not sure which one actually did it), but we still fought with the "this page cannot be displayed" errors. I stumbled across your post again today, gave it a try and haven't had a problem yet!!! I am pushing it out to all users this weekend.

    Many thanks!
    Mark

    Quote Originally Posted by rob_f View Post
    If you're using proxy.pac files/auto-dectection you may get occasional issues with IE cached proxy results (i.e. it thought the proxy wasn't there for a second, so it decided not to use it again).

    https://support.smoothwall.net/index...barticleid=263 is your friend - specifically the GPO User Configuration\Administrative Templates\Windows Components\Internet Explorer\Disable caching of Auto-Proxy scripts.

SHARE:
+ Post New Thread
Page 4 of 4 FirstFirst 1234

Similar Threads

  1. Installing Smoothwall Network Guardian s/w
    By Zourous in forum Internet Related/Filtering/Firewall
    Replies: 7
    Last Post: 1st April 2009, 04:05 PM
  2. Smoothwall - Network Guardian - Windows Updates
    By Macinator in forum Internet Related/Filtering/Firewall
    Replies: 11
    Last Post: 6th March 2009, 11:03 PM
  3. Smoothwall - Network Guardian Temp Bypass Feature
    By Macinator in forum Internet Related/Filtering/Firewall
    Replies: 1
    Last Post: 17th February 2009, 05:30 PM
  4. Smoothwall - School Guardian Eval
    By Macinator in forum Internet Related/Filtering/Firewall
    Replies: 11
    Last Post: 17th February 2009, 03:11 PM

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •