Wired Networks Thread, Firewall, Filtering and Wireless to UTM in Technical; Hi,
We currently use a Cisco 4402 WLC which is at its capacity of 50 AP's, A Bloxx Webfilter due ...
21st November 2011, 12:25 PM #1
- Rep Power
Firewall, Filtering and Wireless to UTM
We currently use a Cisco 4402 WLC which is at its capacity of 50 AP's, A Bloxx Webfilter due for renewal and a Global Technologies Firewall which is backwards.
The Bloxx unit is currently acting as a transparent proxy (cabled physically between core switch and firewall), clients use our Cisco core switch as the default gateway and this routes traffic to the firewall on a different VLAN (passing through the bloxx unit). The proxy isnt configured on clients, we use the bloxx sendlogon app which runs as logon and logoff scripts so the bloxx unit know who is on a particular machine, thus giving them the appropriate web filtering policy. The bloxx unit has to be configured this way due to our guest wireless network works, a proxy cant be configured. Also this allows us to webfilter smartphones and tablets etc which do login to our normal wireless network (authenticates against AD) but these get a general webfiltering policy as the bloxx unit doesnt know who is using the device.
We recently had a representative from Sonicwall discuss there range of NSA devices which will combine the firewall, web content filter and WLC.
This looks like an appealing solution as we can set this device as the clients default gateway, filtering will be transparent for any AD machines and any other wireless device. If we use the Sonicwall appliance for wireless authentication it'll know who is on what wireless device and be able to apply the correct web filtering policy unlike our existing solution.
Does anyone use the Sonicwall devices for these purposes or does anyone have any other products that'll perform these actions?
IDG Tech News
21st November 2011, 12:36 PM #2
I'm slightly biased, but I would say come and talk to Smoothwall - many schools use our UTM. We're probably more education focused than Sonicwall (a bit more filter-oriented IYSWIM), although there's not a lot wrong with their kit. The advantage you will have there is integrated wireless, although similar levels of integration can be achieved separately.
Certainly replacing firewall and inline content filter with a UTM is a common idea - it reduces from 2 points of failure to one.
21st November 2011, 12:49 PM #3
Plus 1 for smoothie, just going through the process of hopefully getting one myself - plus you get nice shiny mugs
Thanks to glennda from:
tom_newton (21st November 2011)
21st November 2011, 11:43 PM #4
22nd November 2011, 12:02 AM #5
Used smoothwall before, blows bloxx right out of the water in every aspect - filtering, smoothy is far superior and allows whatever you deem fit through, bloxx has massive gaping holes!
Firewall - Sonicwall is fantastic for business environments but education not so much, again I would switch to Smoothwall UTM for this, reason why not so good for education - needs to be lenient and there are just far too many options and variables that it can literally take months to get right (though when you do, just make a backup and you can reload it on if you ever have issues).
22nd November 2011, 01:18 PM #6
- Rep Power
Many thanks for the replies.
Has anyone used a Smoothwall UTM in conjuction with a wireless guest network? I wonder if it'll be possible to use NTLM for all the desktops etc and webpage auth for the wireless guest network?
22nd November 2011, 01:43 PM #7
Yes you can.
Originally Posted by sturgeo
22nd November 2011, 01:45 PM #8
Shiney new mugs eh! we didn't get them..but i suppose the fantastic pre/after sales and technical support more than makes up for that!
Originally Posted by glennda
We use (2x) UTM-1000 appliances with Ruckus Wireless, combined with VLAN'ing etc to offer a totally segregated guest/wireless provision.
Originally Posted by sturgeo
With the latest Guardian 3 filtering it offers you an abundance of non/transparent proxy and authentication options.
You could use NTLM, whereas SSL Authentication is very flexible (especially for some mobile devices etc) and you can always filter based on location (ie. IP range.)
The UTM-1000 can also handle all your DHCP,DNS & routing etc for either for your whole LAN or as we have done soley for the guest/wireless WLAN.
22nd November 2011, 01:50 PM #9
+1 for Smoothwall and their support is excellent.
22nd November 2011, 01:53 PM #10
I agree with this, we have Sonicwall and it awesome for enterprise but if I could choose again for education I d go for smoothwall
Originally Posted by nephilim
22nd November 2011, 05:13 PM #11
That be exactly what we have again with Ruckus at my school, we use the SSL Login feature for students bring your own devices they use the AD credentials and it lets them through on there iPads, Android Phones etc and they are very happy with it
Originally Posted by MYK-IT
Thanks to john from:
tom_newton (22nd November 2011)
22nd November 2011, 10:49 PM #12
Ignore that last comment, i thought you said Sonicwall. It was late when i posted that.
Originally Posted by FN-GM
To confirm Smoothwall is an excellent product.
23rd November 2011, 09:32 AM #13
- Rep Power
Thanks for the replies, i'll look into the Smoothwall solutions.
We'd be setting this device up as the clients default gateway, no proxy settings at all. Is this how most people have it configured and is it able to filter HTTPS traffic this way?
23rd November 2011, 09:44 AM #14
- Rep Power
Sorry, 1 last question i promise
Is anyone using the Anti-Spam features? we host our own exchange 2010 servers and have a websense email filter and ideally we'll like to remove it.
23rd November 2011, 09:46 AM #15
I'm going to be when i move over to it if i'm allowed to do it!
By m8ttysmith in forum Internet Related/Filtering/Firewall
Last Post: 7th March 2011, 05:55 PM
By daverage in forum Wireless Networks
Last Post: 22nd November 2005, 11:03 AM
By tosca925 in forum Windows
Last Post: 1st October 2005, 03:55 PM
By Dos_Box in forum General Chat
Last Post: 5th July 2005, 12:36 PM
Users Browsing this Thread
There are currently 1 users browsing this thread. (0 members and 1 guests)