+ Post New Thread
Page 1 of 2 12 LastLast
Results 1 to 15 of 17
Internet Related/Filtering/Firewall Thread, MS ISA or Squid / Dansguardian in Technical; We have a whole bunch of students going to a remote campus for a term, and I need to set ...
  1. #1

    RabbieBurns's Avatar
    Join Date
    Apr 2008
    Location
    Sydney
    Posts
    5,512
    Thank Post
    1,320
    Thanked 469 Times in 306 Posts
    Blog Entries
    6
    Rep Power
    199

    MS ISA or Squid / Dansguardian

    We have a whole bunch of students going to a remote campus for a term, and I need to set up some filtering and a caching proxy for them.

    I have the full MS Schools agreemeent, would I be better off using MS solution ISA (is it called somehting else now?) or setting up squid and dg.

  2. #2
    bart21's Avatar
    Join Date
    Aug 2009
    Location
    peterborough
    Posts
    404
    Thank Post
    77
    Thanked 54 Times in 52 Posts
    Rep Power
    19
    MS ISA is now called MS Forefront TMG (threat Management Gateway)

    nick

  3. Thanks to bart21 from:

    jonny_2010 (4th July 2011)

  4. #3
    jamesreedersmith's Avatar
    Join Date
    Sep 2009
    Location
    Ruskington
    Posts
    1,140
    Thank Post
    77
    Thanked 251 Times in 225 Posts
    Rep Power
    76
    Do you currently have a smoothie at all - they may let you run a second appliance for a while FOC?

  5. #4

    Join Date
    Jan 2010
    Posts
    101
    Thank Post
    0
    Thanked 7 Times in 7 Posts
    Rep Power
    11
    we have isa 2006 but do not use it for filtering web content or blocking users from internet. too much overhead swapped to bloxx internet filter

  6. #5
    ricki's Avatar
    Join Date
    Jul 2005
    Location
    uk
    Posts
    1,475
    Thank Post
    20
    Thanked 164 Times in 157 Posts
    Rep Power
    52
    Hi

    We use squid and dansguardian with identd on the clients so the dansguardian box knows who someone is and which filter group to put them in. It scans files for viruses and when its in the cache and does not get affected by viruses and its linux.

    I would go for this option its not perfect but once created it will run and run. You can also do reports on what someone or what computer has accessed on the web its great but would take some setting up. If you have enough money a comercial version is available http://www.smoothwall.net/live/index.php

    Richard

  7. Thanks to ricki from:

    RabbieBurns (8th June 2011)

  8. #6

    RabbieBurns's Avatar
    Join Date
    Apr 2008
    Location
    Sydney
    Posts
    5,512
    Thank Post
    1,320
    Thanked 469 Times in 306 Posts
    Blog Entries
    6
    Rep Power
    199
    I'm not going to waste money on a commercial product as this is just for a 1 off term for only about 40 students. I want something quick and easy I can just set up and dump there just to filter their web. The laptops all have AV on them. Squid and Dansguardian sounds like a faff to setup unless there is a really comprehensive how-to especially designed for school filtering?

    I will have a play with TMG today and see what it can do.

  9. #7

    Join Date
    Oct 2008
    Posts
    213
    Thank Post
    2
    Thanked 11 Times in 11 Posts
    Rep Power
    21
    Squid and DG is not "easy" if you have no linux knowledge. If I am honest I got a debian, squid and DG "working" within a few days and I was a linux virgin but it took a few months to get it finely tuned - mainly due to my lack of time and knowledge in linux. Now I have 4 groups - junior school, senior school, staff, unfiltered all using seamless NTLM with a script scraping my OUs every hour putting the logon names in the correct filterlist.

    My advice is to use debian and compile squid3 and DG using NTLM options. That is the most stable for me and has worked flawlessly since I did it.

    This was my guide to get NTLM squid. Adding DG was easy enough after this: squid with ldap_auth and squid_ldap_group... help needed [Archive] - Ubuntu Forums I customised mine (in the end) to use a network bridge - that way the client gateways do not need to be changed. bridge-utils and brtables were used to force traffic along.

    You will also need a blocklist from somewhere. I use http://urlblacklist.com/ on a "1 per week" pricing. It has worked well enough for a "raw blocklist" but over time I have tuned the page scanning in DG to be more than adequate.
    Last edited by KK20; 8th June 2011 at 09:07 AM.

  10. #8

    RabbieBurns's Avatar
    Join Date
    Apr 2008
    Location
    Sydney
    Posts
    5,512
    Thank Post
    1,320
    Thanked 469 Times in 306 Posts
    Blog Entries
    6
    Rep Power
    199
    IVe got linux knowledge but time is the factor I dont have much spare of.

    Ive found an old one of these in a cupboard: watchguard firebox x5500e

    Does anyone know if this will do anything without it being on any sort of contract?

  11. #9

    RabbieBurns's Avatar
    Join Date
    Apr 2008
    Location
    Sydney
    Posts
    5,512
    Thank Post
    1,320
    Thanked 469 Times in 306 Posts
    Blog Entries
    6
    Rep Power
    199
    ok so the watchguard thing was over 3 grand for a year.

    Does anyone know what the cost for smoothwall is for just 40 users?

    @tom_newton do they do licenses on term by term basis rather than year by year?

  12. #10

    RabbieBurns's Avatar
    Join Date
    Apr 2008
    Location
    Sydney
    Posts
    5,512
    Thank Post
    1,320
    Thanked 469 Times in 306 Posts
    Blog Entries
    6
    Rep Power
    199

  13. #11


    tom_newton's Avatar
    Join Date
    Sep 2006
    Location
    Leeds
    Posts
    4,461
    Thank Post
    866
    Thanked 845 Times in 667 Posts
    Rep Power
    195
    @RabbieBurns - sure if you need an odd-term licence we'll be able to help. We also do licences for any number of users 10+
    Last edited by tom_newton; 13th June 2011 at 09:51 AM.

  14. Thanks to tom_newton from:

    RabbieBurns (13th June 2011)

  15. #12

    RabbieBurns's Avatar
    Join Date
    Apr 2008
    Location
    Sydney
    Posts
    5,512
    Thank Post
    1,320
    Thanked 469 Times in 306 Posts
    Blog Entries
    6
    Rep Power
    199
    thanks Tom. Do I need to go through customtech? I need to have a solution in place for close of business wednesday, so will speak to my boss tomorrow see what he says and then get a price from them asap. Cheers

  16. #13
    DrCheese's Avatar
    Join Date
    Apr 2008
    Posts
    1,023
    Thank Post
    97
    Thanked 158 Times in 107 Posts
    Rep Power
    58
    unfiltered all using seamless NTLM with a script scraping my OUs every hour putting the logon names in the correct filterlist.
    Out of interest, what script do you use for this? At the moment I do a manual dump of our OUs at the start of the year and concatenate the correct =filtergroup on the end of the usernames. Then during the year if we create new accounts we add them manually.

    Have been meaning to see if I can script this for a while as it's a bit of a pain :P
    My system works fairly well but I'd replace it with full on smoothwall if we could afford it, but we're so poor nowadays

  17. #14


    tom_newton's Avatar
    Join Date
    Sep 2006
    Location
    Leeds
    Posts
    4,461
    Thank Post
    866
    Thanked 845 Times in 667 Posts
    Rep Power
    195
    Yes, go through Custom... i'll let Gordon know the score.

    Tom

  18. #15


    tom_newton's Avatar
    Join Date
    Sep 2006
    Location
    Leeds
    Posts
    4,461
    Thank Post
    866
    Thanked 845 Times in 667 Posts
    Rep Power
    195
    If you run into any troubles in terms of getting stuff done, drop me a mail, i'm liable to check stuff out-of-uk-hours

  19. Thanks to tom_newton from:

    RabbieBurns (13th June 2011)

SHARE:
+ Post New Thread
Page 1 of 2 12 LastLast

Similar Threads

  1. Squid/Dansguardian and ISA 2004
    By nathan in forum Internet Related/Filtering/Firewall
    Replies: 1
    Last Post: 6th January 2011, 09:15 PM
  2. Replies: 1
    Last Post: 20th December 2010, 02:30 PM
  3. Need a Dansguardian / Squid configuration expert
    By Number6 in forum Internet Related/Filtering/Firewall
    Replies: 70
    Last Post: 10th August 2010, 12:31 PM
  4. ntlm_auth | Dansguardian | Squid
    By ahuxham in forum *nix
    Replies: 11
    Last Post: 24th July 2008, 07:24 PM
  5. DansGuardian without local Squid
    By NetworkGeezer in forum *nix
    Replies: 2
    Last Post: 13th February 2007, 02:07 PM

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •