Opinions Needed: Firewalls and Proxys

I have been tasked with researching options for a firewall/proxy server to get a handle on internet access here at work.

I’d like your opinion on a good product that perhaps you or your company use for the same purpose. It should be a solution that allows excellent reporting and also allow me to restrict or grant access to websites that management deems necessary.

This all came up after someone used the internet to access sites he shouldn’t have. It makes me sick when I have to report something like that since it always ends up with people getting written up or fired. If I can prevent that with a proper setup then I’m all for it.

Your thoughts are appreciated, thanks!

How big a company, how many locations, and what’s your budget?

We’ve got Smartfilter…it runs on Cisco Content Engines and Microsoft ISA Server (amongst other platforms, that’s just what we’re using it on) and it’s a GREAT product that works better than Websence, which it replaced.

It’s got some nice features that nicely sidestep the ‘employees are thieves’ connotations. You can block, coach (we don’t think you should be doing this, but if you are, go ahead), schedule times (pr0n surfing on tuesday from 9 to 10 am only), and my favorite: Delay. Every hit to ebay can be made take 30 seconds. Frustrate them enough with the sites they’re not supposed to go to and they’ll go back to work.

Great reporting tools too. The fact that it reduced our outbound web traffic by 48% didn’t hurt either.

Thank you very much for the info, thats a great place to start looking. We have one location, about 120 internet users. I haven’t been assigned a budget for the project yet, still in the investigative stage. I figure between $5000-$8000 for the total package including hardware. I’ll look into Smartfiler now, thanks again for the tip!

That’s a pretty realistic dollar amount. I think we spent 14000 the first year (Includes the server - a Cisco Content Engine), then 9000 a year for renewals (the web filtering database is constantly updated to add new sites).

That’s the cost for 1100 clients in State government. It’s based on number of users, not number of sensors…so you could have two servers handling two locations and still spend the same amount of money for the software. So, you cost will be less due to number of people, but more per person based on less purchasing negotiation power than the State of Colorado.

You might want to try Barracuda Networks.

I had fantastic success with their anti spam filter, and it looks like they have a new appliance that also does web filtering & recording.