If you want to control traffic at app-level and have the £££, Palo Alto is well worth looking at... not cheap but it's very powerful. Content filtering might not be up to your standards though, but it seems Smoothwall is the only well-known one that really covers education primarily.
Watchguard have been mentioned quite a bit, but like I said I think it doesn't provide the true needs of a school. Smoothwall does seem to be the ideal solution as their support for schools is also very good.
We have looked at a hell of a lot. I just want to have a proper big brother of the network. Who did what, when and what computer.
Sounds like a silly question, but can Smoothwall also monitor internal Exchange emails? We have Exchange 2007 (going to 2010 soon) and it's all well and good monitoring what comes from the outside world, but bullying etc. occurs internally and we want the evidence to help crack down and punish the right students over situations like this.
Not internal mail, but if you get something like Impero/Securus, that will do client-side monitoring and take screenshots of offending material.
We use Sonicwall as the primary firewall and can't sing its praises high enough.
The VLAN support allows it to segregate all physical and logical segments at the firewall, creating access rules for each interface as needed.
The detail and granularity of control seems to do everything we throw at it, and personally I find it incredibly easy to understand, and the application and bandwidth control features are really good; however, I have to agree that the content filtering system and, more importantly, its management is not as easy to control or manage as other solutions.
The Sonicwall relies on a rather annoying agent/service for AD integration and getting it to deliver the correct group membership and ultimately the correct level of filtering to the end user takes a lot of careful planning.
Users inherit content filtering policies based upon AD group membership; the default policy is, and should remain, the strictest policy, and you create alternative policies and link these to your AD groups.
Sounds easy until the agents suddenly stop working and everybody suddenly inherits the strictest policy, with the resulting Helpdesk calls to say teachers cannot reach their Hotmail or YouTube!
Which is probably why Sonicwall offer integration with Websense Enterprise Appliances!
Given the choice personally I would always go with the Sonicwall as my firewall and UTM device as you can't get away from the fact that it is what it is, a Firewall device first with a content filtering option!
If filtering, however, is your primary requirement, then maybe the Smoothwall is your better option, or an inline cache/filter appliance.
Yes, we have a lot of fun and games with Sonicwall (we have E5500). Looked after by our ISP, but recently getting more involved with settings etc. Agreed that content filtering is not its strongest point (keyword blocking being the weak point, very limited).
As a Firewall it just works. We will be installing Lightspeed Bottle Rocket Filtering device to take over CFS when we go BYOD.
Interesting. I have heard of screen capturing software; another one that is used in our county is Policy Central by Forensic. I like the overall idea of them, but the maintenance is a nightmare with so many false positives. Takes a long time to fine tune it, though I haven't played with those mentioned above, I'll have a look into it.
Originally Posted by glennda
I suppose with the ability to prevent attachment types etc. within Exchange itself, there is little need for a firewall to monitor internal mail. I'm thinking too much e-safety and not network security.
Thanks for the info.
Problem with anything looking for key words is always going to be false positives, I'm afraid. Until a computer can work out contexts around what is being said. At my last place the most "at risk user" for about 5 months was the business manager, as she was arranging lots of meetings! And phrases like "I'll meet you" etc. etc.
Originally Posted by DEvans
You could do a basic set of rules like the above inside Exchange with transport rules and have them BCC'd to a mailbox, but it would be a nightmare to keep up to date and monitor.
Hi, the College I work at also has a Halls of Residence and we use a Smoothwall UTM-3000 box to handle all our filtering/firewall needs - will do everything on your list.
We've had the UTM-3000 in for about 7 months now and haven't had a single problem with it, the UTM-3000 has 6 network cards (which are VLAN capable), with our current setup we've got them plugged into our JANET router, one into a backup broadband line, DMZ, LAN and guest/halls wireless.
We basically run the halls of residence wireless as an untrusted zone and allow it access to services in our DMZ - which are the same services other students can access from home.
Biggest issue we get from our residents is high bandwidth applications (iPlayer etc...). We bought the traffic shaping module for Smoothwall but haven't implemented it yet - planned for the summer, along with a second UTM-3000 box to give us active/passive hardware failover.
Good to hear someone in a similar (if not identical) situation.
Thanks everyone for your opinions, I've got a call coming my way this morning from Sean Lazenby at Smoothwall, looks pretty clear on what is the overall best solution for our situation.