We've been using Smoothwall for years but will be carrying out testing of others next term before our renewal so this threat is very interesting. Would like to move to an appliance over buying in our own server to run our filtering, if money allows that is. Smoothwall, Censornet, Lightspeed, Sophos and iboss all on testing list at present.
We use BLOXX. It's fairly expensive at around £3K per year, but for ease of use and featureset I can't complain, and it has completely killed ALL anonymous proxy use. The pupils hate it! :D
Lightspeed all the way for me. 4k'ish + vat for 3 years was a no brainer!
Some useful info here. Will be starting to look at these solutions in the New Year, particularly SW and LS. Looking for an all in one solution to replace our current squid based system and the threat of ipads looming! They are on my BETT hit list for Jan.
We have been supporting Sophos web appliances in 48 schools in one local borough for over 3 years now and find them to be fantastic. I would always recommend them for anyone!
You have to license them and then purchase hardware appliances but, if you have a VM infrastructure in place, you just need the license and they will send you a VM image you can run!
The integrate perfectly in AD and work like a charm!
This is the evaluation of Lightspeed vs Smoothwall that I sent to the senior leadership team:
We are currently using a mixture of a commercial product called Smoothwall and an open source product called Dansguardian. The shortcomings that we have experienced with these systems are: speed, ease of use (for staff/students) and support.
We looked at similar systems including Bloxx and Lightspeed. Bloxx is rather expensive and quite limited. We were impressed by Lightspeed as it fulfilled the shortcomings that we experience with smoothwall. We entered into a 4 week trial of lightspeed in mid November. During this trial we also spoke with other schools using lighspeed.
Although we were impressed with many aspects of Lightspeed we found a design flaw: The system relies heavily on software that is installed on each laptop/telephone/PC/mac/tablet. The problem that this presents is that the company must keep the product updated for every version of laptop/telephone/PC/mac/tablet that we use. From experience of using the product we do not believe they are able to keep their product updated for multiple devices. We found significant issues with the software when using Citrix and the laptops in the Library (linux). We heard of further issues with ipads and we would expect more issues when manufacturers of tablets etc update their products.
Following this experience we took another look at Smoothwall: The physical machines that we use for Smoothwall are due to be replaced and they do not cope well with the potential 1100 devices that we have in school. We are hopeful/confident that replacing these servers and using the latest version of Smoothwall will alleviate these problems. We had previously budgeted to do this. We have also investigated simplifying the process of staff/students using Smoothwall. We are now confident that we can use a system called Web Cache Configuration Protocol (WCCP). WCCP means that staff/students will not need to enter any proxy settings into their devices because the content filtering will be transparent.
Although we are still concerned about the level of support we receive from smoothwall we have decided to continue using the system as we are confident that we can support it in-house. We have purchased a dedicated machine for this purpose and we intend on signing a three year contract in June 2014.
• Active Directory, LDAP, eDirectory, Open Directory, and OpenLDAP
• Transparent Single Sign-on for Active Directory using server-side plugin, proxy, or NTLM
• Mac OSX logon/logoff scripts (controlled server side)
• Real-Time Directory Server Sync
• Individual User Login Creation (SuperUser)
- Web portal capture page for BYOD devices
- Mobile agent can also be installed on laptops if desired
We are using the AD plugin installed on our AD servers and Mac logon/logoff scripts - both work very reliably. The iBoss works seamlessly for Mac, Windows, or Linux. We are also able to set default filtering for our WiFi VLANs for iPad filtering and you can use the capture portal page with mobile devices as well. Additionally, iBoss has the MobilEther solution for MDM and filtering that will follow the device wherever it goes.
I make not a single dime from telling you this because there is not a single distributor for the iBoss in all of Australia - I have never seen any web filter even approach the functionality of the iBoss, and they are fantastic value at twice the price for what they are capable of doing. I don't care what you are using, the iBoss is worth a look.
New here. I use iBoss also. I agree with seawolf. I have been using it for about 2 years. Youtube has a few videos that show basic setup but there is so much more it can do. it is a very powerful unit. that is my opinion only. I also do not get paid for this.
The Agent in question above is not mandatory but optional, there are OSX, Windows, and Linux versions, and is generally recommended for managed wired devices and gives a very detailed view of client authentication events plus other useful information. A centralised DC agent can also be used, authentication on block messages, 802.1x for integration with wireless systems authentication such as Radius, and various captive portal options for BYOD or guest devices (unmanaged).
Also, incase it helps:
WCCP has been around a long time. Check out its abilities to filter HTTPS traffic before jumping.
If thinking of authenticating every session with a challenge like NTLM and you should check scalability...web 2 .0 creates lots of sessions.
Authentication is always a great topic of discussion but not that's straightforward when dealing with mixed environments and operating systems.
Look forward to more discussion :)
The non client transparent option is virtually unusable for example if you need to be able to log into an https site.
Light speed is a superb system if you've got a bunch of regular windows or Mac workstation and it has some really awesome features. Don't hold your breath if you want it to work with all devices. Hence our move to WCCP.
CyberNerd I can only apologise that you have received that information, it's not correct. If you pm me your school I can look into why this happened.
Browser updates have no bearing on our filtering ability, and the solution is browser agnostic. The last iOS7 update meant that safari checks in before loading with a cloud service, and this fix was available immediately upon release of iOS7
Lightspeed also fully supports Chromebooks, and we have several Chromebooks only customer sites.
Again, my apologies you received this incorrect information.
Happy to answer any other questions anyone has around this here or via PM