+ Post New Thread
Page 2 of 2 FirstFirst 12
Results 16 to 24 of 24
Internet Related/Filtering/Firewall Thread, Firewall Solutions - Residential College in Technical; ...
  1. #16
    gshaw's Avatar
    Join Date
    Sep 2007
    Location
    Essex
    Posts
    2,662
    Thank Post
    166
    Thanked 220 Times in 203 Posts
    Rep Power
    67
    If you want to control traffic at app-level and have the £££ Palo Alto is well worth looking at... not cheap but it's very powerful. Content filtering might not be up to your standards though but seems Smoothwall is the only well-known one that really covers education primarily.

  2. #17
    DEvans's Avatar
    Join Date
    Sep 2010
    Location
    Droitwich, Worcestershire
    Posts
    74
    Thank Post
    3
    Thanked 16 Times in 10 Posts
    Rep Power
    22
    Watchguard have been mentioned quite a bit, but like I said I think it doesn't provide the true needs of a school. Smoothwall does seem to be the ideal solution as their support for schools is also very good.

    We have looked at a hell of a lot. I just want to have a proper big brother of the network. Who did what, when and what computer.

    Sounds like a silly question but can smoothwall also monitor internal Exchange emails. We have Exchange 2007 (going to 2010 soon) and it's all well and good monitoring what comes from the outside world, but bullyinging etc occurs internally and we want the evidence to help crack down and punished the right students over situations like this.

  3. #18

    glennda's Avatar
    Join Date
    Jun 2009
    Location
    Sussex
    Posts
    7,817
    Thank Post
    272
    Thanked 1,138 Times in 1,034 Posts
    Rep Power
    350
    Not internal mail but if you get something like impero/securus that will do client side monitoring and take screen shots of offending material.

  4. Thanks to glennda from:

    MrWu (8th July 2012)

  5. #19

    m25man's Avatar
    Join Date
    Oct 2005
    Location
    Romford, Essex
    Posts
    1,632
    Thank Post
    49
    Thanked 462 Times in 337 Posts
    Rep Power
    140
    We use Sonicwall as the primary firewall and can't sing it's praises high enough.
    The VLan support allows it to segregate all physical and logical segments at the firewall creating access rules for each interface as needed.
    The detail and granularity of control seems to do everything we throw at it and personally I find it incredibly easy to understand and the application and bandwidth control features are really good however, I have to agree that the content filtering system and more importantly it's management is not as easy to control or manage as other solutions.

    The Sonicwall relies on a rather annoying agent/service for AD integration and getting it to deliver the correct group membership and ultimately the correct level of filtering to the end user takes a lot of careful planning.
    Users inherit content filtering policies based upon AD Group membership, the default policy is and should remain the strictest policy you create alternative policies and link these to your AD groups.
    Sounds easy until the agents suddenly stop working and everybody suddenly inherits the strictest policy with the resulting Helpdesk calls to say teachers cannot reach their hotmail or YouTube!

    Which is probably why Sonicwall offer integration with Websense Enterprise Appliances!

    Given the choice personally I would always go with the Sonicwall as my firewall and UTM device as you can't get away from the fact that it is what it is, a Firewall device first with a content filtering option!
    If filtering however is your primary requirement then maybe the smoothwall is your better option or an inline cache/filter appliance.
    Last edited by m25man; 8th July 2012 at 10:02 PM.

  6. Thanks to m25man from:

    MrWu (8th July 2012)

  7. #20

    Join Date
    Dec 2011
    Posts
    404
    Thank Post
    368
    Thanked 45 Times in 33 Posts
    Rep Power
    13
    Yes we have a lot of fun and games with Sonicwall(we have E5500) Looked after by our ISP but recently getting more involved with settings etc. agreed that Content filtering not it's strongest point(keyword blocking being weak point, very limited)

    As a Firewall it just works. We will be installing Lightspeed Bottle Rocket Filtering device to take over CFS when we go BYOD.
    Last edited by MrWu; 8th July 2012 at 10:14 PM.

  8. #21
    DEvans's Avatar
    Join Date
    Sep 2010
    Location
    Droitwich, Worcestershire
    Posts
    74
    Thank Post
    3
    Thanked 16 Times in 10 Posts
    Rep Power
    22
    Quote Originally Posted by glennda View Post
    Not internal mail but if you get something like impero/securus that will do client side monitoring and take screen shots of offending material.
    Interesting. I have heard of screen capturing software, another one that is used in our county is Policy Central by Forensic. I like the overall Idea of them, but the maintenance is a nightmare with so many false positives. Takes a long time to fine tune it, though I haven't played with those mentioned above, i'll have a look into it.

    I suppose with the ability to prevent attachment types etc within Exchange itself, there is little need for an firewall to monitor internal mail. I'm thinking too much e-safety and not network security.

    Thanks for the info.

  9. #22

    glennda's Avatar
    Join Date
    Jun 2009
    Location
    Sussex
    Posts
    7,817
    Thank Post
    272
    Thanked 1,138 Times in 1,034 Posts
    Rep Power
    350
    Quote Originally Posted by DEvans View Post
    Interesting. I have heard of screen capturing software, another one that is used in our county is Policy Central by Forensic. I like the overall Idea of them, but the maintenance is a nightmare with so many false positives. Takes a long time to fine tune it, though I haven't played with those mentioned above, i'll have a look into it.

    I suppose with the ability to prevent attachment types etc within Exchange itself, there is little need for an firewall to monitor internal mail. I'm thinking too much e-safety and not network security.

    Thanks for the info.
    Problem with anything looking for key words in always going to be false positives i'm afraid. Until a computer can work out contexts around what is being said. At my last place the most "at risk user" for about 5 months was the business manager as she was arranging lots of meetings! and phrases like I'll meet you etc etc.

    You could do a basic set of rules like the above inside exchange with transport rules and have them BCC'd to a mailbox but it would be a nightmare to keep up to date and monitor.

  10. #23

    Join Date
    Nov 2009
    Location
    Sunderland
    Posts
    45
    Thank Post
    4
    Thanked 11 Times in 8 Posts
    Rep Power
    11
    Hi, the College I work at also has a Halls of Residence and we use a Smoothwall UTM-3000 box to handle all our filtering/firewall needs - will do everything on your list.

    We've had the UTM-3000 in for about 7 months now and haven't had a single problem with it, the UTM-3000 has 6 network cards (which are VLAN capable), with our current setup we've got them plugged into our JANET router, one into a backup broadband line, DMZ, LAN and guest/halls wireless.

    We basically run the halls of residence wireless as an untrusted zone and allow it access to services in our DMZ - which are the same services other students can access from home.

    Biggest issue we get frm our residents is high bandwidth applications (ipalyer etc...) we bought the traffic shapping module for Smoothwall but haven;t implemented it yet - planned for the summer, along with a second UTM-3000 box to give us active/passive hardware failover.

  11. #24
    DEvans's Avatar
    Join Date
    Sep 2010
    Location
    Droitwich, Worcestershire
    Posts
    74
    Thank Post
    3
    Thanked 16 Times in 10 Posts
    Rep Power
    22
    Thanks CScott,

    Good to hear someone in a similar (if not identical) situation.

    Thanks everyone on your opinions, i've got a call coming my way this morning from Sean Lazenby at Smoothwall, looks pretty clear on what is the overall best solution for our situation.

    Much Appreciated!

    /Dan

SHARE:
+ Post New Thread
Page 2 of 2 FirstFirst 12

Similar Threads

  1. Seeking advice on Gateway-Firewall-Filter solutions
    By dleigh in forum Internet Related/Filtering/Firewall
    Replies: 0
    Last Post: 9th June 2010, 02:42 PM
  2. Firewall solution?
    By cookie_monster in forum Wireless Networks
    Replies: 21
    Last Post: 14th March 2008, 08:40 AM
  3. Windows Firewall
    By GrumbleDook in forum Windows
    Replies: 16
    Last Post: 31st August 2005, 12:54 PM
  4. Replies: 0
    Last Post: 26th August 2005, 01:29 AM

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •