Alright, I think the only real solution is to move to using the webfilter as a gateway and set it to transparent proxy mode. Now the issue is just turning off NAT and the firewall, since we have another device that will do that. Does anyone have any idea how to do this in School Guardian?
Last edited by tldees; 11th June 2008 at 07:15 PM. Reason: Update
Sort of
You can't do it (particularly) in SG, although it will run reasonably happily on 1 NIC (put your gateway device in as the gateway on the interfaces settings page and ignore the external connection).
We can, however exchange SG for Network Guardian, which is our stand-alone filter box, and may well be more your cup of tea. Naturally this won;t incur any costs.
Give me a ring - this seems like the end of something which I missed the beginning of (if that makes any sense!). If we can work out what you are trying to do, i am sure I can figure out which product and which mode of operation suits you best.
Thanks for the reply. I'll talk to my boss about it, and see what he wants to do.
To give a little background information, we're currently trying to bring the webfilter in house since we have no control over the current webfilter. So we purchased School Guardian about 2 months ago, and are currently playing around with it to see this best setup. Originally we were going to go non-transparent, but issues with IE and "Bad proxy caching" caused some issues. Since we have laptops coming that we don't have control over, running a reg file on their machine wasn't an option. So we decided to go the transparent route, and run SG as gateway. I currently have it running on one interface, and was going to see if I could set the second interface as internal (to avoid NATing/firewall) and route between the interfaces.
We have pix as our firewall, and we'll be possibly moving to ISA, so we really don't need or want the NAT/Firewall capabilities. So is there any difference in the interface between SG and NG, or is it just SG without the firewall/nating capabilities?
Thanks.
Last edited by tldees; 12th June 2008 at 02:21 PM. Reason: Update
Yes, NG is just SG which is designed to work without the firewall.
Why not switch to using SG as the firewall? If you are planning to change anyway, its as good a time as any and is the best way to achieve transparency easily
Having said that, there are workarounds for the "bad proxy caching" issues. May be worth having a chat with our tech support team.
There are currently 1 users browsing this thread. (0 members and 1 guests)
Posting Permissions
LinkBack URL
About LinkBacks
Reply With Quote
