Internet Related/Filtering/Firewall Thread, ISA / ClearTunnel / GFI WebMonitor / cachepilot / something else? in Technical; I work at a 1500 pupil secondary school.
All HTTP / HTTPS traffic passes through an ISA server, and on ...
All HTTP / HTTPS traffic passes through an ISA server, and on top of this all HTTP traffic additionally passes through a cachepilot.
The ISA server gives us control over who sees what as it is integrated into the Windows domain, so we maintain our own lists on the ISA server.
The cachepilot is used for smart webfiltering for everyone in the school.
We want to get rid of one of these, and do everything on one system.
We could domain integrate and keep the cachepilot, but the cachepilot is I believe the best candidate to be removed, as it appears that our HTTPS traffic performance is much better than HTTP performance, and I put this down to the cachepilot's poor performance.
I could use products like GFI WebMonitor or Burstek to integrate into the ISA server to give us web filtering on the ISA server. If we were to do this, I'd also be interested in using ClearTunnel to cache HTTPS traffic if this solution works, as this could really speed up connections to our VLE.
Alternatively, I could throw away both products and install something like SmoothWall, which I suppose will do the job, and appears to be well respected on this forum.
A few questions then...
Is HTTPS caching something worth investigating? If so, can Smoothwall do this?
As we already have ISA 2004, is it worth considering enhancing this product in anyones opinion? Is it now obselete, or do organisations still continue with it? I don't want to spend lots of money on what might be soon a dead end.
We are running ISA on an HP Proliant ML370G3 and an HP SmartArray RAID 1 configuration. Will SmoothWall run on this server anyone know?
Anyone who uses any of the products mentioned above have comments?
In the current climate, price will be a factor, and GFI WebMonitor looks pricey, but I don't know how it compares with the other candidates.
I think that Smoothwall should run on that server, it is based on Linux and as such is usually quite good on brandname server gear.
We use ISA 2006 with Surfcontrol/Websence which works quite well for us. ISA 2004 is still used by lots of people but it is getting old and does not support some protocols.
The newest option which replaces ISA 2006 is called Forfront Threat managment Gateway. This supports newer protocols like SIP and can be virtualized alond with supporting/requireing a 64bit OS. This also can actually provide filtering to a certain degree. I am not sure how good it is and whether it could be used as the sole solution to filtering for a school but it may be worth looking into.
I guess if we were to use Forfront Threat managment Gateway and it has similar functionality to ISA, then we'd still have to purchase this product as well as GFI WebMonitor and possibly ClearTunnel, whereas Smoothwall could be less expensive as it's just one product to purchase?
Virtualisation might be interesting to us - we are hopefully going down the VMWare route soon.