Our new hardware arrived yesterday, exciting!
I have used light speed for about 3 years, first TTC8 then the new rocket. The agent on all the PC’s is nice, because I can set different filters for staff students, subnets etc and it is mostly transparent.
I however do not have a say in the matter, our filtering and firewall is all handled by our ITC . They have the light speed box setup with tiered administration so each school can manage their own settings.
I am glad to see light speed support on here now, even on my local listserv light speed seems to me a minority.
I’ll start another thread so I don’t hijack this one with my question.
Just had lightspeed in, got to have a little play with their demo box and i really like the look of it and my big campus (we're currently with uniservity which is dire) lots more to consider, just bloxx to look at next week now :)
Really looking forward to the day we get whichever option we go for in, the improvments for us a huge.
can BLOXX do transparent proxy now?
Well with the amount of mobile devices around found Lightspeed really offers that educational focus and links to so many resources with My Big Campus. This seems to be a good alternative to the overweighted VLE's out there and opens up to a wider audience.
Great app for iOS
Finally I've had a presentation from all 3 big suppliers, had a play with the software from all 3 and given all companies a damn good grilling. I think from my questioning and investigation of all 3 companies I've decided that I'm going to have a bloxx trial first. Bloxx looked like the better filter, i liked their software and while they don't have all the features in place that we want yet they certainly seemed to be on the case. After that I'm going to test lightspeed, they had all the features we wanted and more but potentially weren't as good in the area of blocking out unwanted pages, really liked my big campus though!
In the end, we decided to go for Smoothwall. Lightspeed gave us a trial and my old school let me run a comparison against the Smoothwall there. Lightspeed definitely has the better user interface. The biggest feature I wanted that Lightspeed was missing was HTTPS interception and decryption - it can log the domain off the certificate, but not the full URL.
Smoothwall seemed to be somewhat better in blocking my attempts to access dodgy material through the filter. However I have to say the dynamic analysis does not seem to do as much as I feel it should - most of the blocks I hit on Smoothwall seemed to be down to the URL lists. I tried to do Geoff's test "Ask them to filter a big dynamic website like Edugeek." Edugeek did not seem to have enough questionable material on it, so I tried deviantart.com as a tricky case - a lot of innocent images, but also a lot of smut and social features. As far as I could see Smoothwall has the whole site in "non-pornographic nudity" and did not distinguish the pages much between the pages - once I unblocked that, I could sign up to the site and get into everything I tried. Maybe it is just too hard to distinguish "pornographic" from "non-pornographic" nudity - not sure people are much good at saying what art is either.
I would be interested to know if Smoothwall can suggest a site that would really show their dynamic page analysis in action.
I regret not giving Bloxx more of a chance. I would have liked to see how they compared.
Thanks for going with Smoothwall. Difficult to give such examples tbh - if we know of em, they go in the blocklist, that's our first line of defence, and we keep it pretty complete (helps in situations where we have less information on the traffic, eg if someone doesn't want to inspect https).
One really useful feature of the content filter is fast moving sites: try proxies, if you get a newish one, or one which has escaped our glance, that will get content filtered, or for example certain google searches, or online games sites are a good contender for being content filtered. Yes, you'll sometimes get parts of a site filtered where others aren't but i tends to be very temporal - particular articles or posts.
Worth noting that Bloxx don't content filter anything that's in their list; period. So if edugeek is marked as "forum", then its a forum. (Willing to be corrected if that's old info). Smoothwall's G3 applies all filters to all requests and then decides according to policy (unless you explicitly state otherwise: that, folks is the difference between "allow" and "whitelist").
[QUOTE=Jollity;951131] The biggest feature I wanted that Lightspeed was missing was HTTPS interception and decryption - it can log the domain off the certificate, but not the full URL.
Not strictly true.
There is full blown proxy service on the rocket appliance that you can use for MinM HTTPS interception. We also use it for the MDM global proxy payload on IOS. It will log and block etc HTTPS the same as HTTP traffic.
Most customers do not use it as the SSL decoder does an excellent job, but it is there for those that feel they need it, plus it can be used selectively I.e for curriculum network, but not for BYOD or guest networks where proxy settings might be intrusive, prohibitive, or just an administrative burden.
The transparent bridge will also log and monitor the other 65533 TCP and UDP ports.
This would be the lightspeed that's "not a proxy of any kind" - I see. :)