We are currently considering installing a new internet content filter on our campus. Right now, we have a very basic setup with router (DD-WRT) content filtering and Opendns.org filtering. We also have five access points connected directly to the wired network (no VLAN capable switches yet).
This setup works ok, but we have found we really need more logging and a bit more control than these solutions offer.
I am wanting all of the domain computers to silently connect to the proxy server, and log the username so that we can track student usage. I do not want students/staff to have to enter a username and password each time to use the internet on the domain computers.
I do want students/staff to be prompted for a domain username/password when they try to use the internet on a wireless laptop.
My plan was this:
- Purchase new basic Dell server to run Smoothwall Express and Advanced Proxy.
- Install new server in place of current router and activate transparent filtering.
- Configure Advanced Proxy for Windows Server authentication (I was not sure if you can have this and transparent filtering at the same time. If not, are there any ways to eliminate the need for users to change proxy settings?)
I appreciate any and all input. I have previously tried to set this up in VMware and to set up DansGuardian, and both did not work well at all.
We have a relatively low budget for this.
Last edited by netadmin; 19th May 2008 at 11:47 PM.
We have a firewall in between all our machines and the router, with a Smoothwall box sat on the core switch. We use GPOs to force the Proxy settings, and the firewall to block traffic from all but a few machines. All web traffic for desktops and laptops has to go through the Smoothwall box.
We use AD authentication so users on Windows do not need to authenticate, but Mac users just put in their usual username and password so no loss there.
We use CorporateGuardian as we just want the filtering, but if you are after the firewall as well then SchoolGuardian does the job well.
I would look at a possible appliance server that does both the firewall and filtering:
- Bloxx (Content Filtering Only)
- SonicWall (Firewall and Filtering)
- SchoolGuardian (Firewall and Filtering)
The reason I say this is cost: it would be more expensive to purchase a dedicated server (£1.5k), install an open bit of software to do your filtering and firewall (£free), configure and manage over time (£?????), Warranties (£????), Replacements (£?????).
If you get an appliance, most of the time the install, setup and replacement/warranty costs are built in, so all you have to do is basic admin of the unit, happy that all is covered if it goes wrong.
There are other types of appliance out there and I have mentioned only a few (these I have used in the past or am currently using), but if I can give you any advice: DO NOT ACCEPT THE FIRST PRICE THEY GIVE YOU.
We have just had a BLOXX filtering server put in, to replace our NetPilot filtering server, and am very, very impressed with the Bloxx. It works out cheaper than the NetPilot was and its "TruView" (sp?) technology is also very impressive.
As said before we have this plugged into our core switch with a firewall between router and network. Then we force proxy settings in GPO. With us being in a Novell environment we auth to the BLOXX using LDAP.
I went for a 'drop-in' box here, no regrets as of yet. Specifically a content filter, designed for that purpose and that purpose alone. No bells and whistles - it just works. Easy to use, I have confidence in support and replacement. Daily updates, regular firmware enhancements too. You can pull all the necessary reports out. Example, it sends one direct to head of boarding so she can see what has been going on overnight when the little darlings are supposed to be asleep. Another, I look at 'most frequented' sites or by bandwidth and generally they are proxies so just block them in a click or two...