6th June 2011, 12:13 PM #1
MS ISA or Squid / Dansguardian
We have a whole bunch of students going to a remote campus for a term, and I need to set up some filtering and a caching proxy for them.
I have the full MS Schools agreement; would I be better off using the MS solution, ISA (is it called something else now?), or setting up Squid and DG?
6th June 2011, 01:05 PM #2
MS ISA is now called MS Forefront TMG (Threat Management Gateway).
6th June 2011, 01:06 PM #3
Do you currently have a smoothie at all - they may let you run a second appliance for a while FOC?
7th June 2011, 09:25 AM #4
We have ISA 2006 but do not use it for filtering web content or blocking users from the internet. Too much overhead; swapped to Bloxx internet filter.
7th June 2011, 10:53 PM #5
We use Squid and DansGuardian with identd on the clients so the DansGuardian box knows who someone is and which filter group to put them in. It scans files for viruses and when it's in the cache and does not get affected by viruses and it's Linux.
I would go for this option; it's not perfect, but once created it will run and run. You can also do reports on what someone or what computer has accessed on the web; it's great but would take some setting up. If you have enough money, a commercial version is available: http://www.smoothwall.net/live/index.php
8th June 2011, 01:23 AM #6
I'm not going to waste money on a commercial product as this is just for a 1 off term for only about 40 students. I want something quick and easy I can just set up and dump there just to filter their web. The laptops all have AV on them. Squid and DansGuardian sounds like a faff to set up unless there is a really comprehensive how-to especially designed for school filtering?
I will have a play with TMG today and see what it can do.
8th June 2011, 10:00 AM #7
Squid and DG is not "easy" if you have no linux knowledge. If I am honest I got a debian, squid and DG "working" within a few days and I was a linux virgin but it took a few months to get it finely tuned - mainly due to my lack of time and knowledge in linux. Now I have 4 groups - junior school, senior school, staff, unfiltered all using seamless NTLM with a script scraping my OUs every hour putting the logon names in the correct filterlist.
My advice is to use debian and compile squid3 and DG using NTLM options. That is the most stable for me and has worked flawlessly since I did it.
This was my guide to get NTLM squid. Adding DG was easy enough after this: "squid with ldap_auth and squid_ldap_group... help needed [Archive] - Ubuntu Forums". I customised mine (in the end) to use a network bridge - that way the client gateways do not need to be changed. bridge-utils and brtables were used to force traffic along.
You will also need a blocklist from somewhere. I use http://urlblacklist.com/ on a "1 per week" pricing. It has worked well enough for a "raw blocklist" but over time I have tuned the page scanning in DG to be more than adequate.
Last edited by KK20; 8th June 2011 at 10:07 AM.
9th June 2011, 10:31 AM #8
I've got Linux knowledge but time is the factor I don't have much spare of.
I've found an old one of these in a cupboard: watchguard firebox x5500e
Does anyone know if this will do anything without it being on any sort of contract?
13th June 2011, 09:17 AM #9
ok so the watchguard thing was over 3 grand for a year.
Does anyone know what the cost for smoothwall is for just 40 users?
@tom_newton do they do licenses on term by term basis rather than year by year?
13th June 2011, 09:24 AM #10
13th June 2011, 10:46 AM #11
@RabbieBurns - sure if you need an odd-term licence we'll be able to help. We also do licences for any number of users 10+
Last edited by tom_newton; 13th June 2011 at 10:51 AM.
13th June 2011, 11:43 AM #12
Thanks Tom. Do I need to go through customtech? I need to have a solution in place for close of business Wednesday, so will speak to my boss tomorrow, see what he says and then get a price from them asap. Cheers
13th June 2011, 11:49 AM #13
Out of interest, what script do you use for this? At the moment I do a manual dump of our OUs at the start of the year and concatenate the correct =filtergroup on the end of the usernames. Then during the year if we create new accounts we add them manually.
"unfiltered all using seamless NTLM with a script scraping my OUs every hour putting the logon names in the correct filterlist."
Have been meaning to see if I can script this for a while as it's a bit of a pain :P
My system works fairly well but I'd replace it with full on smoothwall if we could afford it, but we're so poor nowadays
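The hourly OU-to-filter-group sync described in post #7 and asked about in post #13, as an added example (not code from any poster in this thread). The OU names, the `OU_TO_GROUP` mapping and the sample directory entries are assumptions; the input is the (distinguishedName, sAMAccountName) pairs a directory query would return, and the output uses DansGuardian's `username=filterN` filtergroupslist format.

```python
import os
import re
import tempfile

# Assumed OU layout for the four groups mentioned in the thread (hypothetical names).
OU_TO_GROUP = {
    "ou=junior,ou=students,dc=school,dc=example": "filter1",
    "ou=senior,ou=students,dc=school,dc=example": "filter2",
    "ou=staff,dc=school,dc=example": "filter3",
    "ou=unfiltered,ou=staff,dc=school,dc=example": "filter4",
}
DEFAULT_GROUP = "filter1"  # fail closed: unmapped OUs get the strictest group
SAFE_LOGIN = re.compile(r"[a-z0-9._-]{1,64}")

# Constructed sample of (distinguishedName, sAMAccountName) pairs from a directory query.
SAMPLE = [
    ("CN=Smith\\, Jo,OU=Senior,OU=Students,DC=school,DC=example", "JSmith"),
    ("CN=Admin One,OU=Unfiltered,OU=Staff,DC=school,DC=example", "admin1"),
    ("CN=Visitor,OU=Guests,DC=school,DC=example", "visitor"),
    ("CN=Odd,OU=Junior,OU=Students,DC=school,DC=example", "x=filter4\nroot"),
]

def group_for(dn):
    """Return the filter group of the nearest mapped ancestor OU of a DN."""
    parts = [p.strip() for p in re.split(r"(?<!\\),", dn.lower())]  # keep escaped commas
    for i in range(1, len(parts)):
        container = ",".join(parts[i:])
        if container in OU_TO_GROUP:
            return OU_TO_GROUP[container]
    return DEFAULT_GROUP

def build_list(entries):
    """Render filtergroupslist text, dropping logins that could inject lines or '='."""
    users = {}
    for dn, login in entries:
        login = login.lower()
        if SAFE_LOGIN.fullmatch(login):
            users[login] = group_for(dn)
    return "".join(f"{u}={g}\n" for u, g in sorted(users.items()))

def write_atomic(path, text):
    """Write via a temp file and rename so the filter never reads a half-written list."""
    fd, tmp = tempfile.mkstemp(dir=os.path.dirname(path) or ".")
    with os.fdopen(fd, "w") as fh:
        fh.write(text)
    os.chmod(tmp, 0o644)  # mkstemp creates 0600; the filter daemon must be able to read it
    os.replace(tmp, path)

if __name__ == "__main__":
    print(build_list(SAMPLE), end="")
```

The nested "Unfiltered" OU wins over its parent "Staff" OU because the nearest ancestor is checked first, and the malformed login is dropped rather than written, so it cannot add a line that grants itself `filter4`.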
13th June 2011, 12:26 PM #14
Yes, go through Custom... I'll let Gordon know the score.
13th June 2011, 12:47 PM #15
If you run into any troubles in terms of getting stuff done, drop me a mail, I'm liable to check stuff out-of-uk-hours