+ Post New Thread
Page 1 of 2 12 LastLast
Results 1 to 15 of 18
Wired Networks Thread, Firewall, Filtering and Wireless to UTM in Technical; Hi, We currently use a Cisco 4402 WLC which is at its capacity of 50 AP's, A Bloxx Webfilter due ...
  1. #1

    Join Date
    Mar 2008
    Location
    Northants
    Posts
    22
    Thank Post
    2
    Thanked 1 Time in 1 Post
    Rep Power
    0

    Firewall, Filtering and Wireless to UTM

    Hi,

    We currently use a Cisco 4402 WLC which is at its capacity of 50 AP's, A Bloxx Webfilter due for renewal and a Global Technologies Firewall which is backwards.

    The Bloxx unit is currently acting as a transparent proxy (cabled physically between core switch and firewall), clients use our Cisco core switch as the default gateway and this routes traffic to the firewall on a different VLAN (passing through the bloxx unit). The proxy isnt configured on clients, we use the bloxx sendlogon app which runs as logon and logoff scripts so the bloxx unit know who is on a particular machine, thus giving them the appropriate web filtering policy. The bloxx unit has to be configured this way due to our guest wireless network works, a proxy cant be configured. Also this allows us to webfilter smartphones and tablets etc which do login to our normal wireless network (authenticates against AD) but these get a general webfiltering policy as the bloxx unit doesnt know who is using the device.

    We recently had a representative from Sonicwall discuss there range of NSA devices which will combine the firewall, web content filter and WLC.
    This looks like an appealing solution as we can set this device as the clients default gateway, filtering will be transparent for any AD machines and any other wireless device. If we use the Sonicwall appliance for wireless authentication it'll know who is on what wireless device and be able to apply the correct web filtering policy unlike our existing solution.

    Does anyone use the Sonicwall devices for these purposes or does anyone have any other products that'll perform these actions?

    Thanks

    John

  2. #2


    tom_newton's Avatar
    Join Date
    Sep 2006
    Location
    Leeds
    Posts
    4,448
    Thank Post
    865
    Thanked 839 Times in 662 Posts
    Rep Power
    194
    I'm slightly biased, but I would say come and talk to Smoothwall - many schools use our UTM. We're probably more education focused than Sonicwall (a bit more filter-oriented IYSWIM), although there's not a lot wrong with their kit. The advantage you will have there is integrated wireless, although similar levels of integration can be achieved separately.

    Certainly replacing firewall and inline content filter with a UTM is a common idea - it reduces from 2 points of failure to one.

  3. #3

    glennda's Avatar
    Join Date
    Jun 2009
    Location
    Sussex
    Posts
    7,714
    Thank Post
    269
    Thanked 1,116 Times in 1,012 Posts
    Rep Power
    345
    Plus 1 for smoothie, just going through the process of hopefully getting one myself - plus you get nice shiny mugs

  4. Thanks to glennda from:

    tom_newton (21st November 2011)

  5. #4

    john's Avatar
    Join Date
    Sep 2005
    Location
    London
    Posts
    10,440
    Thank Post
    1,468
    Thanked 1,035 Times in 908 Posts
    Rep Power
    299
    Quote Originally Posted by glennda View Post
    Plus 1 for smoothie, just going through the process of hopefully getting one myself - plus you get nice shiny mugs
    Another very happy smoothie user here cannot recommend them highly enough great people, great product, great support (when its needed) so yup 10/10 for them

  6. #5

    nephilim's Avatar
    Join Date
    Nov 2008
    Location
    Dunstable
    Posts
    11,134
    Thank Post
    1,434
    Thanked 1,701 Times in 1,274 Posts
    Blog Entries
    2
    Rep Power
    365
    Used smoothwall before, blows bloxx right out of the water in every aspect - filtering, smoothy is far superior and allows whatever you deem fit through, bloxx has massive gaping holes!

    Firewall - Sonicwall is fantastic for business environments but education not so much, again I would switch to Smoothwall UTM for this, reason why not so good for education - needs to be lenient and there are just far too many options and variables that it can literally take months to get right (though when you do, just make a backup and you can reload it on if you ever have issues).

  7. #6

    Join Date
    Mar 2008
    Location
    Northants
    Posts
    22
    Thank Post
    2
    Thanked 1 Time in 1 Post
    Rep Power
    0
    Many thanks for the replies.
    Has anyone used a Smoothwall UTM in conjuction with a wireless guest network? I wonder if it'll be possible to use NTLM for all the desktops etc and webpage auth for the wireless guest network?

  8. #7

    Join Date
    Apr 2007
    Posts
    381
    Thank Post
    7
    Thanked 80 Times in 62 Posts
    Rep Power
    39
    Quote Originally Posted by sturgeo View Post
    Many thanks for the replies.
    Has anyone used a Smoothwall UTM in conjuction with a wireless guest network? I wonder if it'll be possible to use NTLM for all the desktops etc and webpage auth for the wireless guest network?
    Yes you can.

  9. #8

    Join Date
    Dec 2007
    Posts
    847
    Thank Post
    86
    Thanked 160 Times in 135 Posts
    Rep Power
    47
    Quote Originally Posted by glennda View Post
    Plus 1 for smoothie, just going through the process of hopefully getting one myself - plus you get nice shiny mugs
    Shiney new mugs eh! we didn't get them..but i suppose the fantastic pre/after sales and technical support more than makes up for that!

    Quote Originally Posted by sturgeo View Post
    Many thanks for the replies.
    Has anyone used a Smoothwall UTM in conjuction with a wireless guest network? I wonder if it'll be possible to use NTLM for all the desktops etc and webpage auth for the wireless guest network?
    We use (2x) UTM-1000 appliances with Ruckus Wireless, combined with VLAN'ing etc to offer a totally segregated guest/wireless provision.
    With the latest Guardian 3 filtering it offers you an abundance of non/transparent proxy and authentication options.
    You could use NTLM, whereas SSL Authentication is very flexible (especially for some mobile devices etc) and you can always filter based on location (ie. IP range.)
    The UTM-1000 can also handle all your DHCP,DNS & routing etc for either for your whole LAN or as we have done soley for the guest/wireless WLAN.

  10. #9
    mwbutler's Avatar
    Join Date
    Nov 2010
    Location
    Dorset
    Posts
    234
    Thank Post
    96
    Thanked 20 Times in 17 Posts
    Rep Power
    26
    +1 for Smoothwall and their support is excellent.

  11. #10

    Join Date
    Apr 2008
    Posts
    851
    Thank Post
    111
    Thanked 112 Times in 108 Posts
    Rep Power
    45
    Quote Originally Posted by nephilim View Post
    Used smoothwall before, blows bloxx right out of the water in every aspect - filtering, smoothy is far superior and allows whatever you deem fit through, bloxx has massive gaping holes!

    Firewall - Sonicwall is fantastic for business environments but education not so much, again I would switch to Smoothwall UTM for this, reason why not so good for education - needs to be lenient and there are just far too many options and variables that it can literally take months to get right (though when you do, just make a backup and you can reload it on if you ever have issues).
    I agree with this, we have Sonicwall and it awesome for enterprise but if I could choose again for education I d go for smoothwall

  12. #11

    john's Avatar
    Join Date
    Sep 2005
    Location
    London
    Posts
    10,440
    Thank Post
    1,468
    Thanked 1,035 Times in 908 Posts
    Rep Power
    299
    Quote Originally Posted by MYK-IT View Post
    We use (2x) UTM-1000 appliances with Ruckus Wireless, combined with VLAN'ing etc to offer a totally segregated guest/wireless provision.
    With the latest Guardian 3 filtering it offers you an abundance of non/transparent proxy and authentication options.
    You could use NTLM, whereas SSL Authentication is very flexible (especially for some mobile devices etc) and you can always filter based on location (ie. IP range.)
    The UTM-1000 can also handle all your DHCP,DNS & routing etc for either for your whole LAN or as we have done soley for the guest/wireless WLAN.
    That be exactly what we have again with Ruckus at my school, we use the SSL Login feature for students bring your own devices they use the AD credentials and it lets them through on there iPads, Android Phones etc and they are very happy with it

  13. Thanks to john from:

    tom_newton (22nd November 2011)

  14. #12

    FN-GM's Avatar
    Join Date
    Jun 2007
    Location
    UK
    Posts
    15,402
    Thank Post
    797
    Thanked 1,591 Times in 1,394 Posts
    Blog Entries
    10
    Rep Power
    428
    Quote Originally Posted by FN-GM View Post
    Yep, the actual solution was good but to points.

    1. The access points where junk anyways breaking and needing to be power cycled.
    2. The filtering on the Sonicwall is useless never seems to get anything. Sonicwall doesnt seem to believe in blocking proxy sites.

    Because of these 2 points i wouldnt be using that solution.
    Ignore that last comment, i thought you said Sonicwall. It was late when i posted that.

    To confirm Smoothwall is an excellent product.

    Sorry

  15. #13

    Join Date
    Mar 2008
    Location
    Northants
    Posts
    22
    Thank Post
    2
    Thanked 1 Time in 1 Post
    Rep Power
    0
    Thanks for the replies, i'll look into the Smoothwall solutions.
    We'd be setting this device up as the clients default gateway, no proxy settings at all. Is this how most people have it configured and is it able to filter HTTPS traffic this way?

  16. #14

    Join Date
    Mar 2008
    Location
    Northants
    Posts
    22
    Thank Post
    2
    Thanked 1 Time in 1 Post
    Rep Power
    0
    Sorry, 1 last question i promise
    Is anyone using the Anti-Spam features? we host our own exchange 2010 servers and have a websense email filter and ideally we'll like to remove it.

  17. #15

    glennda's Avatar
    Join Date
    Jun 2009
    Location
    Sussex
    Posts
    7,714
    Thank Post
    269
    Thanked 1,116 Times in 1,012 Posts
    Rep Power
    345
    I'm going to be when i move over to it if i'm allowed to do it!

SHARE:
+ Post New Thread
Page 1 of 2 12 LastLast

Similar Threads

  1. Untangle Web Filter and Firewall
    By m8ttysmith in forum Internet Related/Filtering/Firewall
    Replies: 2
    Last Post: 7th March 2011, 04:55 PM
  2. Free MSI Creation and how to do it
    By daverage in forum Wireless Networks
    Replies: 1
    Last Post: 22nd November 2005, 10:03 AM
  3. Replies: 2
    Last Post: 1st October 2005, 02:55 PM
  4. School networks and aid to Africa. A comparison.
    By Dos_Box in forum General Chat
    Replies: 14
    Last Post: 5th July 2005, 11:36 AM

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •