Content Filtering and Firewalls

My 50 user office currently has a PIX506E firewall which works well,
but doesn't have Content Filtering and Website tracking. My owner
wants me to install these features on our network. My first option
was to go with WebSense, but my vendor recommended replacing the PIX
with a SonicWall TZ 190 since it has all the features I would want.
However I feel as though this is a step backwards from a corporate
firewall to a home office or small office firewall.

Does anyone have any recommendations on Content Filtering and Web
Tracking with Active Directory or RADIUS integration? What does
everyone think about the Cisco ASA products and is there one that will
meet all my needs while keeping the yearly renewals less than $1000?

David

Re: Content Filtering and Firewalls

On Aug 28, 12:06 pm, OtherCents wrote:
> My 50 user office currently has a PIX506E firewall which works well,
> but doesn't have Content Filtering and Website tracking. My owner
> wants me to install these features on our network. My first option
> was to go with WebSense, but my vendor recommended replacing the PIX
> with a SonicWall TZ 190 since it has all the features I would want.
> However I feel as though this is a step backwards from a corporate
> firewall to a home office or small office firewall.
>
> Does anyone have any recommendations on Content Filtering and Web
> Tracking with Active Directory or RADIUS integration? What does
> everyone think about the Cisco ASA products and is there one that will
> meet all my needs while keeping the yearly renewals less than $1000?
>
> David

I think Microsoft's ISA Server fits your requirements nicely (It's
software based, of course, so it'll be a bit of a deviation from your
current hardware train-of-thought). You'd need a multihomed box to set
it up on. Here are some links to get your research started:

http://www.isaserver.org/

Specifically, here is list of plug-ins that do content filtering and
observing:
http://www.isaserver.org/software/ISA/Content-Security/

Microsoft has third-party blocking partners. Not sure about pricing
though.
http://www.microsoft.com/isaserver/partners/accesscontrol.ms px

Check out MS's ISA community:
http://www.microsoft.com/technet/community/en-us/isaserver/d efault.mspx

Google is an IT pro's best friend:
http://www.google.com/search?q=ISA+content+filtering&rls=com .microsoft:en-us&ie=UTF-8&oe=UTF-8&startIndex=&startPage=1
http://groups.google.com/group/comp.security.firewalls/brows e_thread/thread/c87246c773eaf914/aced50e039afb7f9#aced50e039 afb7f9

That should be a good start.


Nonapeptide

Re: Content Filtering and Firewalls

In article <1188442994.997010.113410@22g2000hsm.googlegroups.com>,
Nonapeptide@gmail.com says...
> On Aug 28, 12:06 pm, OtherCents wrote:
> > My 50 user office currently has a PIX506E firewall which works well,
> > but doesn't have Content Filtering and Website tracking. My owner
> > wants me to install these features on our network. My first option
> > was to go with WebSense, but my vendor recommended replacing the PIX
> > with a SonicWall TZ 190 since it has all the features I would want.
> > However I feel as though this is a step backwards from a corporate
> > firewall to a home office or small office firewall.
> >
> > Does anyone have any recommendations on Content Filtering and Web
> > Tracking with Active Directory or RADIUS integration? What does
> > everyone think about the Cisco ASA products and is there one that will
> > meet all my needs while keeping the yearly renewals less than $1000?
> >

I would suggest that you look at the WatchGuard line, they have AV,
content, web blocking, and you have built-in proxy services for HTTP and
SMTP that can remove files from the HTTP or SMTP sessions.

www.watchguard.com


--

Leythos
- Igitur qui desiderat pacem, praeparet bellum.
- Calling an illegal alien an "undocumented worker" is like calling a
drug dealer an "unlicensed pharmacist"
spam999free@rrohio.com (remove 999 for proper email address)

Re: Content Filtering and Firewalls

In article <1188317207.915554.234690@22g2000hsm.googlegroups.com>,
OtherCents wrote:

> My 50 user office currently has a PIX506E firewall which works well,
> but doesn't have Content Filtering and Website tracking. My owner
> wants me to install these features on our network. My first option
> was to go with WebSense, but my vendor recommended replacing the PIX
> with a SonicWall TZ 190 since it has all the features I would want.
> However I feel as though this is a step backwards from a corporate
> firewall to a home office or small office firewall.
>
> Does anyone have any recommendations on Content Filtering and Web
> Tracking with Active Directory or RADIUS integration? What does
> everyone think about the Cisco ASA products and is there one that will
> meet all my needs while keeping the yearly renewals less than $1000?

The thing to keep in mind is licensing.

The minute you want to stick in a standalone appliance/piece of software
just to do URL filtering you typically have to license it per user,
which with 50 seats will not be cheap.

Odds are it will cost more than what your vendor suggested, which is to
replace the PIX with something that has "flat fee" content filtering
on-box - the trade off being that there is usually less granularity and
reporting available than there is with a standalone solution.