Anyone recommend Smoothwall Express?

[OverWorked]

Hello,

Does anyone recommend Smoothwall Express as a firewall & proxy? Rather than pay for ISA server?

Thanks.

[ICTNUT]

Hi Overworked,

I have done just that !

I got rid of ISA 2000/Windows 2000 in favour of Smoothwall 2.0 (Open Source) and DansGuardian Content Filter with Advanced Proxy 2.0

I have been so impressed with it at blocking stuff right down to specific words in pages themselves.

To get the best out of it I would suggest you really get into all the areas of the web based GUI frontend as there is so much that you can configure.

I am looking into the QoS addon which if it works the way I hope will be perfect for our VoIP and Video Confrencing.

Shout me if you need any help ;-)

[ChrisH]

After seeing ICT NUTs posting about this a few weeks ago I started reading the smoothwall forums again and will be moving over to it soon. It's always been a great product but there is a very good community there and more mods for it than you could shake a stick at.
I ahve never used ISA as I was put of by having to pay for it and the frequent complaints I have read about it. I have previously used Censornet and my own Linux proxy based on squid and DG. Soon as I get my hardware sorted I will be installing. Censornet was good but you had to pay for anything slightly difficult to sort out and it is fairly easy to break if your not careful. Adding extra stuff was pretty much a no no unless you really knew what you were doing.

[ChrisH]

Oh and im also liking the look of the Chillispot and Freeradius mod that someone is close to finishing for wireless access and authentication.

[OverWorked]

Thanks Ozan & Chris,

You've convinced me. I tried installing WSUS a few weeks ago, and even that has difficulty going through ISA. I've also had a lot of problems with other software & ISA - RM Securenet for one.

There's another issue: ISA was installed before I arrived here. I did a license audit recently and can't find any evidence that we've paid for it. Oops.

I'll have a go soon.

[ChrisH]

I believe there is a vmware image floating around on the SmoothWall forums so if you grab VMplayer you can try it out.

[webman]

I'd recommend IPCop (similar) so you can use the Classroom Extensions at www.advproxy.net. We've been using it for about 9 months now.

[ChrisH]

I just liked the smoothwall community more as there seems to be more support and mods and everything is better organized. I know mods are very similar for each but still

[webman]

I just liked the smoothwall community more as there seems to be more support and mods and everything is better organized. I know mods are very similar for each but still

I've always preffered IPCop for that reason and the way SmoothWall was heading at one point

[mark]

So does Smoothwall do the same as Censornet? I really like the look of the web front end to Censornet that staff could use for blocking etc.

I'm guessing that the snooping function is much the same.

[webman]

Not exactly the same IIRC. But there's an addon for IPCop (not smoothwall) that will allow for group/room banning based on IPs/Subnets/Ranges.

[mark]

ooh good - that'll be next to check out then

[ChrisH]

But it will be included eventually as it just on IPCop at the moment to beta test. It will eventually become part of the advanced proxy mod. You dont ahve the flexibility of Censornet for single machines and such but it works for rooms. You will need static or reserved addresses for your computers though until they implement Mac address to identify machines.

[ICTNUT]

I was going to say that the advanced proxy mod as it stands at the moment can do IP ranges as I use it all the time to kill the internet in the library at lunch times.

One thing I am really impressed with and few people mention is the cache ability, compared to ISA 2000 (not sure about ISA 2004) the average cache lasted around six unique requests, I know this can be altered but never really had much affect on bandwidth usage, however since putting in Smoothwall + Mods and having it running for about a month it has cut bandwidth usage by over one third.

This has been accomplsihed by caching the pages correctly and utilising the blocklist available at urlblacklist.com to remove 90% of ads from pages.

It just gets better the more I use it ;-)

[thom]

I need to implement a firewall to allow the teachers access to a web based app on a specific internal server from home.

The council provides our internet connection through a router of theirs on site. They said they will NAT a public IP to the server as long as we have our own firewall set up.

Is smoothwall express 2 a viable option?

Our router connects to a main switch that contains VLANs for the admin and curriculum network. At the moment the webserver has 2 NICs ( one for each VLAN to access).

I read an article in PC Plus on setting up Smoothwall in PC Plus and it seemed good but I'm not sure if it is the right thing to use.

Presumably I would create a new VLAN for the webserver and have that in a DMZ??? Would this work?

Any help would be appreciated.