+ Post New Thread
Page 1 of 2 12 LastLast
Results 1 to 15 of 24
Internet Related/Filtering/Firewall Thread, Firewall Solutions - Residential College in Technical; Hey Everyone, I work at a UK college that offers residency for the students and we currently have a crazy ...
  1. #1
    DEvans's Avatar
    Join Date
    Sep 2010
    Location
    Droitwich, Worcestershire
    Posts
    74
    Thank Post
    3
    Thanked 16 Times in 10 Posts
    Rep Power
    22

    Question Firewall Solutions - Residential College

    Hey Everyone,

    I work at a UK college that offers residency for the students and we currently have a crazy setup which is being effectively stripped out and started again.

    The current system involves a forefront's threat management gateway as the firewall solution and if i'm honest it's a right headache and isn't really a solution for a college.

    What we want is a solution that future proofs us and is well supported, ideally with a company that knows the education sector.

    The main contenders are obviously smoothwall and sonicwall. I've looked into others like watchguard but thats too enterprise for us, trying to keep it realistic. I've seen Netbox blue the "firewall solution designed for schools" but was a little unsure about it, doesn't seem to be much UK support.

    What we need it to do is:

    • Act as a middle man between clients and servers (protecting the servers from the kids who call themselves hackers).
    • Protect the Servers and Clients from the big bad internet
    • Allow for both a domain network and a "leisure network". The leisure network acting as a lesser filtered internet experience. We offer residency to students, so xbox live, skype, games etc are common requests.
    • To be able to control what times the leisure/domain network can be accessed etc..
    • Some form of indepth report, what students are up to, logging in times, general web filtering/policing
    • Some form of policing of social networking websites
    • Full Active Directory Syncing (aware of security groups etc)
    • Support for mobile devices (PDA's, SmartPhones)
    • Capable of managing a DMZ for Exchange OWA/Outlook Anywhere
    • Managing secure VPN connections into the college.


    When it comes to the firewall, I'm not the most experienced if i'm honest, I have a lot to look at and plenty to read up on. I am in talks with colleges around the local area about possibly visiting them to see their solutions, as it's easy to talk to a salesman from a firewall company, but the word yes yes yes is easily said but when its comes to the technical nitty gritty, you find that some yes's mean "sort of".

    The firewall is now becoming the most important decision we need to make, as everything needs to connect through it.

    I'm interested into what you all have seen, work(ed) with, don't think because you don't offer residential to students (as i know not many places do) that you can't recommend something.

    I'm looking for simplicity mainly, but obviously if the company's offer training on their product, that's even better.

    The big word is also cost, ball park figures are always welcome, we are expecting lots of money so it won't be anything we didn't expect.

    Thanks for all your help!

    Looking forward to hearing from you all.

  2. #2

    glennda's Avatar
    Join Date
    Jun 2009
    Location
    Sussex
    Posts
    7,821
    Thank Post
    272
    Thanked 1,140 Times in 1,036 Posts
    Rep Power
    350
    Pretty Sure a nice Smoothie UTM will do all that - @tom_newton is your person to get in contact with. Brilliant devices and excellent support.

    Plus top blokes!

    EDIT: Price depends on what you want such as at the gateway Anti-virus, HA setup, Spam Filtering etc Smoothwall will also do Instant Messaging Proxying as well i beleive al though I have never used this.
    Last edited by glennda; 20th June 2012 at 04:07 PM.

  3. Thanks to glennda from:

    tom_newton (21st June 2012)

  4. #3

    Join Date
    Jul 2006
    Location
    London
    Posts
    1,269
    Thank Post
    113
    Thanked 242 Times in 193 Posts
    Blog Entries
    1
    Rep Power
    74
    TMG with the web protection subscription can do almost all of that. Add Fastvue TMG Reporter - Real Time Reporting for Microsoft Forefront Threat Management Gateway and you get the reporting. Where it might not quite meet your needs is around the requirement for 'policing social networking sites'.
    Last edited by psydii; 20th June 2012 at 04:05 PM.

  5. #4

    FN-GM's Avatar
    Join Date
    Jun 2007
    Location
    UK
    Posts
    16,234
    Thank Post
    894
    Thanked 1,780 Times in 1,534 Posts
    Blog Entries
    12
    Rep Power
    462
    Soincwall filtering is shocking, i wouldnt use it if it was free!

  6. #5
    DEvans's Avatar
    Join Date
    Sep 2010
    Location
    Droitwich, Worcestershire
    Posts
    74
    Thank Post
    3
    Thanked 16 Times in 10 Posts
    Rep Power
    22
    @glennda - I'll be getting in touch with Tom, thanks for the info.
    @psydii - That Fastvue look quite impressive, we'll certainly have a look at that. Since we already have TMG, if it can be improved, it'll save the cash.
    @FN-GM - I've heard some pretty awful things about sonicwall recently, I wasn't too impressed at BETT, Sales people tell you anything you want to here, though he stumbled when I asked why go for sonicwall over smoothwall.
    Last edited by DEvans; 20th June 2012 at 04:22 PM.

  7. #6

    FN-GM's Avatar
    Join Date
    Jun 2007
    Location
    UK
    Posts
    16,234
    Thank Post
    894
    Thanked 1,780 Times in 1,534 Posts
    Blog Entries
    12
    Rep Power
    462
    @DEvans We use sonicwall for SSL VPN. It works really well and we a chuffed. My old school used it for filtering, it was really bad!

  8. #7
    DEvans's Avatar
    Join Date
    Sep 2010
    Location
    Droitwich, Worcestershire
    Posts
    74
    Thank Post
    3
    Thanked 16 Times in 10 Posts
    Rep Power
    22
    The filtering is by far one of the most important requirements of our solution. We need to have potentially three levels of filtering. One for Staff, One for Students during work time an one for the leisure network for students after hours. Don't want those hiding in their rooms playing the xbox all day.

    Unfortunately if Sonicwall doesn't perform that well, then obviously we won't be going that way. I don't want to mix and match firewalls, ideally one solution, one supplier, one support contract.

    Thanks for the info

  9. #8

    Join Date
    Jul 2006
    Location
    London
    Posts
    1,269
    Thank Post
    113
    Thanked 242 Times in 193 Posts
    Blog Entries
    1
    Rep Power
    74
    Tips for TMG:
    Keep it up to date (Rollup 2 for Forefront Threat Management Gateway (TMG) 2010 Service Pack 2)
    Add your DCs to the Flood Mitigation exceptions.
    Make sure you've got your DNS configured right.
    If using proxy clients (which you will be) if they are members of the domain make sure they use the FQDN of the TMG to make best use of Kerberos. For large numbers of non domain member computers that require authenticated access to the web you will probably need to monitor the load on the associated DC as they or TMG may struggle to keep up with all the NTLM requests. A way around this might be to authenticate at a captive portal and log the IP, or perhaps use RADIUS authentication for proxy clients in TMG.

  10. #9

    glennda's Avatar
    Join Date
    Jun 2009
    Location
    Sussex
    Posts
    7,821
    Thank Post
    272
    Thanked 1,140 Times in 1,036 Posts
    Rep Power
    350
    Quote Originally Posted by DEvans View Post
    The filtering is by far one of the most important requirements of our solution. We need to have potentially three levels of filtering. One for Staff, One for Students during work time an one for the leisure network for students after hours. Don't want those hiding in their rooms playing the xbox all day.

    Unfortunately if Sonicwall doesn't perform that well, then obviously we won't be going that way. I don't want to mix and match firewalls, ideally one solution, one supplier, one support contract.

    Thanks for the info
    For Filtering Smoothwall is Top Dog. It can do filtering on what, When, who, Where filtering so filtering can be set up like that.

  11. Thanks to glennda from:

    tom_newton (21st June 2012)

  12. #10

    Join Date
    Aug 2009
    Posts
    280
    Thank Post
    20
    Thanked 22 Times in 19 Posts
    Rep Power
    14
    Quote Originally Posted by psydii View Post
    TMG with the web protection subscription can do almost all of that. Add Fastvue TMG Reporter - Real Time Reporting for Microsoft Forefront Threat Management Gateway and you get the reporting. Where it might not quite meet your needs is around the requirement for 'policing social networking sites'.
    Was about to say this, Forefront TMG seems to be ideally suited to your environment.

  13. #11

    Join Date
    Oct 2008
    Location
    Lincolnshire
    Posts
    2,280
    Thank Post
    13
    Thanked 235 Times in 223 Posts
    Rep Power
    69
    I would recommend Watchguard but you have knocked them on the head. It will easily do all that and maybe its me been biased but they are good bits of kit and simple.

  14. #12

    glennda's Avatar
    Join Date
    Jun 2009
    Location
    Sussex
    Posts
    7,821
    Thank Post
    272
    Thanked 1,140 Times in 1,036 Posts
    Rep Power
    350
    Quote Originally Posted by MatthewL View Post
    I would recommend Watchguard but you have knocked them on the head. It will easily do all that and maybe its me been biased but they are good bits of kit and simple.
    Watchguards are good but not up to scratch in terms of filtering required for a school - enterprise where filtering isnt a child protection isnt an issue its fine.

  15. #13

    Join Date
    Oct 2008
    Location
    Lincolnshire
    Posts
    2,280
    Thank Post
    13
    Thanked 235 Times in 223 Posts
    Rep Power
    69
    Not too up on the filtering side of things but I was under the impression it went off to a site and pulled blacklists down, don't quote me as filtering isn't a big thing for us.

  16. #14

    glennda's Avatar
    Join Date
    Jun 2009
    Location
    Sussex
    Posts
    7,821
    Thank Post
    272
    Thanked 1,140 Times in 1,036 Posts
    Rep Power
    350
    Quote Originally Posted by MatthewL View Post
    Not too up on the filtering side of things but I was under the impression it went off to a site and pulled blacklists down, don't quote me as filtering isn't a big thing for us.
    yes thats the problem - filtering via blacklists isn't that good on its own - smoothwall uses dynamic content filtering i.e it looks at each webpage and decides if it is ok or not (as well as blacklists for the obvious such as facebook etc).

    i do lots of work with watchguards (infact i'm installing 2 tomorrow). But for education i wouldn't use them.

  17. #15
    cpjitservices's Avatar
    Join Date
    Jul 2010
    Location
    Hessle
    Posts
    2,540
    Thank Post
    524
    Thanked 294 Times in 270 Posts
    Rep Power
    84
    you can install Pfsense on watchguards..... never tried it though.

    Why not use pfsense anyway it has all of the features of most paid for solutions, it's really easy to configure and setup too ... all you need is an old PC to install it on.

    http://www.pfsense.org/

SHARE:
+ Post New Thread
Page 1 of 2 12 LastLast

Similar Threads

  1. Seeking advice on Gateway-Firewall-Filter solutions
    By dleigh in forum Internet Related/Filtering/Firewall
    Replies: 0
    Last Post: 9th June 2010, 02:42 PM
  2. Firewall solution?
    By cookie_monster in forum Wireless Networks
    Replies: 21
    Last Post: 14th March 2008, 08:40 AM
  3. Windows Firewall
    By GrumbleDook in forum Windows
    Replies: 16
    Last Post: 31st August 2005, 12:54 PM
  4. Replies: 0
    Last Post: 26th August 2005, 01:29 AM

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •