What do you use?
Up until now we have used Smoothwall here but the tides are changing and with a renewal in April we are looking at moving away. So now we are looking for alternatives.
We are looking at two main options, one is to use TMG as our filtering and Smoothwall Express as our firewall. We are absolutely determined never to use a Microsoft product as our public facing firewall so TMG will handle only internet filtering while Smoothwall Express will handle firewalling and DMZ.
Another option is to set up our own Linux box with Squid (for proxy) and DansGuardian (for filtering) which is pretty damn close to what Smoothwall use (might even be the same setup with a price tag for all I know).
A third option is to use Smoothwall Express for firewall and buy into something like Bloxx, however ideally we want an in-house system that we control fully and the fact we already have TMG means that the first two options are free (which also means that if it goes t*** up we can just restore a full disk backup and have the net back within hours, not days).
Has anyone else set up their own semi-custom solutions like these or can recommend anything we might have missed?
Thanks for the linky, to be honest from the content of that thread alone I'm not really considering Lightspeed, basic URL filtering is old hat now, we don't whitelist here anyway, we run a blacklist system with Smoothwall's content analysis picking off the bad stuff (need to check if DansGuardian can do that.. hmm...)
Edit: LMFAO!!! I wasn't going to turn this into a Smoothwall bashing thread but they've just made me literally lol now...
Long story short, rebooting the UTM caused an unrecoverable disk error, Smoothwall sent out a new appliance and got it delivered from Germany next-day (we pay £400/year for that kinda service).
Anyhoo, unit turns up but as part of registration it needs a license/serial code, we don't want to start a new license so phone them to request details etc... That takes 3-4 hours before they actually get back to us (nice, in this time we have no net, no emails, no public sites etc...) get all that sent through over the phone but then get told that we can't run through the wizard based install ourselves and that if we do it will effectively cancel our £500/year support contract. Instead we are told we need a proper engineer to install the unit. Now, let me clarify. "Installing the unit" consists of plugging in a USB keyboard, network leads and a VGA monitor, running through a wizard based GUI to get the first NIC up and then using a web GUI to assign other networks to NICs and then set up filtering.
It took us a total of about an hour (3 of us working simultaneously) to get the unit set up to provide email, basic public site and full internal filtering.
Smoothwall would charge "around £1,000" for that... A THOUSAND POUND? Are you absolutely mad SW? Srs now, our renewal is up in April and I can assure you that you won't get a penny ;) Absolutely laughable. Not only that but in order to get an engineer sent out our account manager needed to know what settings we want etc... then she could contact the engineer and book a date for him to come out. So Smoothwall's solution to an install is for us to pay over £1,000 and wait perhaps a week or more for an engineer.
Nice one. Absolutely hilarious.
Back on tangent, by coincidence the NM had a phone demo with Bloxx this morning, anyone have any feedback positive/negative on Bloxx? I know we still need a firewall which we will sort out in-house but from a filtering side of things is Bloxx any good? They seem to throw around terms like "TrueView" but to me it just seems like clever use of weighted phrases which any other system can do anyway?
+1 for Fortigate & Lightspeed here.
Our filtering is handled by our ISD (our version of your LEA). Our firewall is an ancient Cisco PIX (hopefully soon ASA) and I use Squid internally for traffic logging with it authenticating against AD using Kerberos (filtering is set up as a cache peer). The traffic logs are parsed every night by SARG for viewing. All in all, it's a great setup and if filtering were passed back down to us, I'd use DG in a heartbeat.
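The layout described in the post above (Squid authenticating users via Kerberos, an upstream filter as a cache peer, and per-user access logs for SARG) could be sketched in squid.conf as follows. This is an added example, not the poster's actual configuration; the hostnames, realm, subnet, port and helper path are all assumed placeholders.

```conf
# Added illustrative squid.conf fragment. All names, addresses and paths
# below are constructed placeholders, not values from the thread.

# --- Kerberos (Negotiate) authentication against Active Directory ---
# Assumes a keytab for the HTTP/ service principal has been created and is
# exposed to Squid through the KRB5_KTNAME environment variable.
# The helper path varies by distribution.
auth_param negotiate program /usr/lib/squid/negotiate_kerberos_auth -s HTTP/proxy.example.internal@EXAMPLE.INTERNAL
auth_param negotiate children 20
auth_param negotiate keep_alive on

# --- Access control: internal clients only, and only when authenticated ---
acl localnet src 10.0.0.0/8
acl authenticated proxy_auth REQUIRED

http_access deny !localnet
http_access allow authenticated
http_access deny all

# --- Upstream content filter as a parent cache peer ---
# no-query disables ICP probing of the peer; default makes it the
# last-resort parent for every request.
cache_peer filter.example.internal parent 8080 0 no-query default

# Fail closed: never fetch directly from origin servers, so an outage of
# the filter cannot silently turn into unfiltered browsing.
never_direct allow all

# --- Logging for nightly report generation ---
# The native "squid" log format records the authenticated username,
# which is what lets a report tool attribute traffic per user.
access_log /var/log/squid/access.log squid
```

With `never_direct allow all`, requests fail when the filter peer is unreachable, so availability of the filter becomes availability of web access.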