20th June 2012, 04:22 PM #1
Firewall Solutions - Residential College
I work at a UK college that offers residency for the students and we currently have a crazy setup which is being effectively stripped out and started again.
The current system involves a Forefront Threat Management Gateway as the firewall solution and, if I'm honest, it's a right headache and isn't really a solution for a college.
What we want is a solution that future proofs us and is well supported, ideally with a company that knows the education sector.
The main contenders are obviously Smoothwall and SonicWall. I've looked into others like WatchGuard but that's too enterprise for us, trying to keep it realistic. I've seen Netbox Blue, the "firewall solution designed for schools", but was a little unsure about it; there doesn't seem to be much UK support.
What we need it to do is:
- Act as a middle man between clients and servers (protecting the servers from the kids who call themselves hackers).
- Protect the Servers and Clients from the big bad internet
- Allow for both a domain network and a "leisure network", the leisure network acting as a lesser filtered internet experience. We offer residency to students, so Xbox Live, Skype, games etc. are common requests.
- To be able to control what times the leisure/domain network can be accessed etc..
- Some form of in-depth report: what students are up to, logging in times, general web filtering/policing
- Some form of policing of social networking websites
- Full Active Directory Syncing (aware of security groups etc)
- Support for mobile devices (PDAs, smartphones)
- Capable of managing a DMZ for Exchange OWA/Outlook Anywhere
- Managing secure VPN connections into the college.
When it comes to the firewall, I'm not the most experienced if I'm honest; I have a lot to look at and plenty to read up on. I am in talks with colleges around the local area about possibly visiting them to see their solutions. It's easy to talk to a salesman from a firewall company and the words "yes yes yes" are easily said, but when it comes to the technical nitty-gritty, you find that some yeses mean "sort of".
The firewall is now becoming the most important decision we need to make, as everything needs to connect through it.
I'm interested in what you all have seen or work(ed) with. Don't think that because you don't offer residential to students (as I know not many places do) you can't recommend something.
I'm looking for simplicity mainly, but obviously if the companies offer training on their product, that's even better.
The big word is also cost, ball park figures are always welcome, we are expecting lots of money so it won't be anything we didn't expect.
Thanks for all your help!
Looking forward to hearing from you all.
20th June 2012, 04:28 PM #2
Pretty Sure a nice Smoothie UTM will do all that - @tom_newton is your person to get in contact with. Brilliant devices and excellent support.
Plus top blokes!
EDIT: Price depends on what you want, such as at-the-gateway anti-virus, HA setup, spam filtering etc. Smoothwall will also do Instant Messaging proxying as well, I believe, although I have never used this.
Last edited by glennda; 20th June 2012 at 05:07 PM.
Thanks to glennda from:
tom_newton (21st June 2012)
20th June 2012, 04:55 PM #3
TMG with the web protection subscription can do almost all of that. Add Fastvue TMG Reporter - Real Time Reporting for Microsoft Forefront Threat Management Gateway and you get the reporting. Where it might not quite meet your needs is around the requirement for 'policing social networking sites'.
Last edited by psydii; 20th June 2012 at 05:05 PM.
20th June 2012, 04:58 PM #4
SonicWall filtering is shocking, I wouldn't use it if it was free!
20th June 2012, 05:20 PM #5
@glennda - I'll be getting in touch with Tom, thanks for the info.
@psydii - That Fastvue looks quite impressive, we'll certainly have a look at that. Since we already have TMG, if it can be improved, it'll save the cash.
@FN-GM - I've heard some pretty awful things about SonicWall recently. I wasn't too impressed at BETT; sales people tell you anything you want to hear, though he stumbled when I asked why go for SonicWall over Smoothwall.
Last edited by DEvans; 20th June 2012 at 05:22 PM.
20th June 2012, 05:34 PM #6
@DEvans We use SonicWall for SSL VPN. It works really well and we are chuffed. My old school used it for filtering, it was really bad!
20th June 2012, 05:40 PM #7
The filtering is by far one of the most important requirements of our solution. We need to have potentially three levels of filtering: one for staff, one for students during work time and one for the leisure network for students after hours. Don't want those hiding in their rooms playing the Xbox all day.
Unfortunately if SonicWall doesn't perform that well, then obviously we won't be going that way. I don't want to mix and match firewalls; ideally one solution, one supplier, one support contract.
Thanks for the info
20th June 2012, 05:43 PM #8
Tips for TMG:
Keep it up to date (Rollup 2 for Forefront Threat Management Gateway (TMG) 2010 Service Pack 2)
Add your DCs to the Flood Mitigation exceptions.
Make sure you've got your DNS configured right.
If using proxy clients (which you will be), and they are members of the domain, make sure they use the FQDN of the TMG to make best use of Kerberos. For large numbers of non-domain-member computers that require authenticated access to the web you will probably need to monitor the load on the associated DC, as they or TMG may struggle to keep up with all the NTLM requests. A way around this might be to authenticate at a captive portal and log the IP, or perhaps use RADIUS authentication for proxy clients in TMG.
20th June 2012, 06:05 PM #9
For filtering, Smoothwall is top dog. It can do filtering on what, when, who and where, so filtering can be set up like that.
Originally Posted by DEvans
Thanks to glennda from:
tom_newton (21st June 2012)
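The who/what/when/where filtering mentioned above, applied to the three levels asked for earlier in the thread (staff, students during work time, leisure network after hours). This is an added example, not Smoothwall's or any other vendor's rule engine; the group names, network names, categories and hours are assumptions.

```python
from dataclasses import dataclass
from datetime import datetime, time


@dataclass(frozen=True)
class Rule:
    who: str            # AD security group (hypothetical names)
    where: str          # network the client sits on: "domain" or "leisure"
    start: time         # rule applies from this time of day...
    end: time           # ...until this one (start == end means all day)
    blocked: frozenset  # "what": content categories this rule denies


def in_window(now, start, end):
    """True if now is in [start, end); handles all-day and past-midnight windows."""
    if start == end:
        return True
    if start < end:
        return start <= now < end
    return now >= start or now < end


# First matching rule wins; a request that matches no rule is denied.
# All names, categories and hours below are constructed for illustration.
ALWAYS = frozenset({"malware", "adult"})
RULES = [
    Rule("Staff", "domain", time(0, 0), time(0, 0), ALWAYS),
    Rule("Students", "domain", time(8, 30), time(17, 0),
         ALWAYS | {"social-networking", "games", "streaming"}),
    Rule("Students", "leisure", time(17, 0), time(23, 0), ALWAYS),
]


def decide(groups, network, when, category):
    """Return (allowed, reason) for one request."""
    for rule in RULES:
        if (rule.who in groups and rule.where == network
                and in_window(when.time(), rule.start, rule.end)):
            if category in rule.blocked:
                return False, f"{rule.who}/{rule.where}: '{category}' blocked"
            return True, f"{rule.who}/{rule.where}: allowed"
    return False, "no rule for this group, network and time: default deny"
```

Because unmatched requests fall through to default deny, a student on the leisure network at 10:00 is refused without needing an explicit "daytime" rule.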
20th June 2012, 07:35 PM #10
Was about to say this, Forefront TMG seems to be ideally suited to your environment.
Originally Posted by psydii
20th June 2012, 08:03 PM #11
I would recommend WatchGuard but you have knocked them on the head. It will easily do all that, and maybe it's me being biased, but they are good bits of kit and simple.
20th June 2012, 08:10 PM #12
WatchGuards are good but not up to scratch in terms of the filtering required for a school - in enterprise, where filtering isn't a child protection issue, it's fine.
Originally Posted by MatthewL
20th June 2012, 08:56 PM #13
Not too up on the filtering side of things but I was under the impression it went off to a site and pulled blacklists down, don't quote me as filtering isn't a big thing for us.
20th June 2012, 08:59 PM #14
Yes, that's the problem - filtering via blacklists isn't that good on its own - Smoothwall uses dynamic content filtering, i.e. it looks at each webpage and decides if it is OK or not (as well as blacklists for the obvious such as Facebook etc).
Originally Posted by MatthewL
I do lots of work with WatchGuards (in fact I'm installing 2 tomorrow). But for education I wouldn't use them.
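Why a blacklist on its own falls short, as the post above describes: an added sketch (not Smoothwall's engine or any product's code) that checks a domain list first and then scores the page text against weighted phrases. The hosts, phrases, weights and threshold are all constructed for illustration.

```python
import re

BLACKLIST = {"facebook.com"}  # domain list, as would be pulled from a feed

# Weighted phrases: positive weights push towards blocking, negative weights
# rescue legitimate pages such as coursework. Constructed values.
PHRASES = {
    "online casino": 60,
    "free spins": 40,
    "place your bet": 50,
    "gambling addiction": -40,
    "probability": -30,
}
THRESHOLD = 100


def domain_listed(host, blacklist=BLACKLIST):
    """Match the host or any parent domain, so m.facebook.com is caught."""
    labels = host.lower().rstrip(".").split(".")
    return any(".".join(labels[i:]) in blacklist for i in range(len(labels)))


def content_score(text, phrases=PHRASES):
    """Sum weight * occurrences for every phrase found in the page text."""
    flat = re.sub(r"\s+", " ", text.lower())
    return sum(weight * flat.count(phrase) for phrase, weight in phrases.items())


def filter_page(host, text):
    """Blacklist first (cheap), then content scoring for unlisted hosts."""
    if domain_listed(host):
        return "block:blacklist"
    score = content_score(text)
    if score >= THRESHOLD:
        return f"block:content({score})"
    return f"allow({score})"


# Constructed sample pages: a site no list has seen yet, and a maths page
# that mentions the same topic in a coursework context.
NEW_SITE = ("brand-new-mirror.example",
            "Online casino! Free spins today. Place your bet now.")
COURSEWORK = ("maths.example",
              "Probability homework: model an online casino roulette wheel.")
```

The unlisted site is blocked on content alone, while the coursework page stays under the threshold even though it contains a flagged phrase.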
22nd June 2012, 09:59 AM #15
You can install pfSense on WatchGuards... never tried it though.
Why not use pfSense anyway? It has all of the features of most paid-for solutions, and it's really easy to configure and set up too... all you need is an old PC to install it on.