
Proxy Server/Web Filtering Software

kevnich2

Platinum Member
A simple background, I'm wanting to add in a proxy server for web filtering. This would be for around 40 users. I'm wanting a very feature rich product in which I can do an array of things including filtering all websites except certain allowed sites from certain users (based on username, computer name, IP address, etc, etc). I'm also wanting the ability to limit certain users' bandwidth usage (both upload and download), for users that have access to all webpages, if they go to an unallowed site, prompt them saying it's not allowed, etc. I'm also looking into possibly having a user be given a login screen where they login and have to accept the company's internet policy as well. I'm also wanting the ability to block things like streaming music, outside IM programs, etc. I'm looking at a price between $500-$1,700.

I'm coming up with a large list of various server software packages that can do this but I'm also wanting opinions from people who are actually using this type of software. Thanks in advance.
 
Squid could probably do all these things (I have only used it a little)

ISA could do this, but costs money (not sure on price)
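How the HTTP-level requirements from the opening post (per-user allow lists, a "not allowed" page, streaming blocks, download limits) could be expressed in Squid, as an added example that is not part of the original posts. The network range, file paths, helper location and error page name are assumptions; IM clients that do not use the proxy still need a firewall rule.

```conf
# Constructed example: paths, network range, file names and the error page
# name are placeholders, not values from the thread.

# Users must authenticate so that rules and logs can refer to usernames.
auth_param basic program /usr/lib/squid/basic_ncsa_auth /etc/squid/passwd
auth_param basic realm Company web proxy

acl localnet src 192.168.1.0/24
acl authed proxy_auth REQUIRED
# One username per line: staff limited to the allow list.
acl restricted_users proxy_auth "/etc/squid/restricted_users.txt"
# One domain per line, e.g. .example.com
acl allowed_sites dstdomain "/etc/squid/allowed_sites.txt"
acl blocked_sites dstdomain "/etc/squid/blocked_sites.txt"
# Streaming media identified by response content type.
acl streaming rep_mime_type -i ^audio/ ^video/

# Show a custom "not allowed" page (a file in Squid's error directory)
# when the blocked_sites rule denies a request.
deny_info ERR_POLICY_BLOCKED blocked_sites

# Rules are checked top to bottom; the first match decides.
# Refuse anything from outside the LAN so the proxy is never open.
http_access deny !localnet
# Unauthenticated requests get a login challenge.
http_access deny !authed
# Restricted users reach only the allow list.
http_access deny restricted_users !allowed_sites
# Everyone else is blocked only from the deny list.
http_access deny blocked_sites
http_access allow authed
http_access deny all

# Drop audio/video responses for all users.
http_reply_access deny streaming
http_reply_access allow all

# Download throttling: class 2 pool, no aggregate limit, 64000 bytes/s
# per client IP. Delay pools do not limit uploads.
delay_pools 1
delay_class 1 2
delay_parameters 1 -1/-1 64000/64000
delay_access 1 allow localnet
delay_access 1 deny all
```

Delay pools are only available when Squid was built with delay pool support.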
 
I don't know of any proxy server that can do ALL of the things on your list. But my only in-depth experience is with ISA Server. ISA 2004, possibly using add-ins, can certainly do most of the things you ask. I have five or six clients who use ISA to:
---------------------------------------------------------------
Block certain web sites. Note that there are free "which sites are porn" lists for ISA, but, normally, you'd have to use a 3rd-party paid add-in to keep track of the good site/bad site listings.

Much easier is to allow ONLY the "good" sites needed for people to do specific jobs. This can work for those who don't need "general" web access.

Block most IM protocols, selectively. This can be done on a User-by-User basis.

Deny other protocols (FTP, RDP, etc.) on a User-by-User basis.

Allow/disallow access to the Internet on a User by User case

Monitor web site access by User
-----------------------------------------------
ISA is around $1500, unless you use Microsoft's Small Business Server 2003, Premium Edition, in which case it's included. SBS 2003, Premium Edition, can be purchased for as little as $800 nowadays.

One thing to note is that no matter which software you use, you'll spend a LOT more money learning how to configure it than you will on the software itself. Such in-depth configuration of complex firewalls and proxy servers is very time-consuming.

Regarding a page that shows your Internet Policy: Consider just having each person sign a paper, on a yearly basis, that shows that they've read the Company's Internet Policy and agree to it. Be prepared to ENFORCE the Policy.
 
SurfControl may be a good add in to your case as well. ISA is excellent as a proxy and SurfControl integrates nicely with ISA for some of the other things you want to do.
 
Actually, I just realized our main server is SBS 2003 Premium. For those that have this installed, can the included ISA 2004 be installed on a separate server (Windows 2003 Standard)? I want to install this on a test machine first and get it configured and usable BEFORE installing it on our main production server (I prefer not to take our server down due to something not quite installing correctly)
 
Not sure if it's still there, but there was a trial for ISA (think it might have been beta though) that was good for like 2 months??
 
When you first install ISA 2004 onto SBS 2003, about the worst thing that will happen will be that Users won't be able to access external FTP sites and a few other non-HTTP sites. Most of these problems can be quickly fixed in an emergency by setting up a new Firewall Rule giving "All Users" access to External sites using "All Protocols". That lets everything out while not opening up anything coming in.

If you don't already have it, you'll need to ORDER the SBS 2003 Premium Edition, SP1. That's what gives you ISA 2004, rather than the default ISA 2000 that originally came with SBS 2003 P.E. Wherever you install ISA 2004, be sure to install the SP2 and subsequent patches. Be sure to pick up a good book on ISA and read it. ISA is pretty simple to get running, but the "extras" are a bit difficult the first time.

The ISA 2004 trial version download is available here.
 
Well, the worst thing for us is that after I installed ISA 2004 to our SBS server, all exchange email has stopped coming in (on my test SBS server). I'll have to look at this in a bit. Any ideas?
 
I have quite a few SBS 2003 Servers with ISA 2004 installed, and I've never seen a problem with Exchange at all. It's always come up immediately.

When you run the "Connect to the Internet" Wizard, it sets up a Firewall Rule in ISA that allows Inbound SMTP traffic to the SBS Server (LocalHost) and a second Rule that allows Outbound SMTP traffic. That's all you should need. (Except for the OWA and RPC over HTTPS traffic, which have their own Rules.)

Just keep in mind that, by default, ISA allows ZERO traffic to/from the Internet. You have to ALLOW traffic before it can flow. The Wizard in SBS sets up twenty-plus Rules that allow for the basic function of SBS. Note, also, that if you want to control or monitor traffic by User, you'll have to force User traffic to be authenticated, either via Web Proxy or Firewall Client. SecureNAT clients can't authenticate, so you won't know who they are (by User).

If you have a Test SBS Server, are you forwarding all the SMTP traffic to it from your Router (if you have one)?
 
Ok, I'm also assuming then that RDP over the internet won't work but if I VPN into the network and RDP into the SBS server, that will work? So it will allow network traffic flow from the internal network but nothing from outside IP addresses (internet IP's)?
 
Originally posted by: kevnich2
Ok, I'm also assuming then that RDP over the internet won't work but if I VPN into the network and RDP into the SBS server, that will work? So it will allow network traffic flow from the internal network but nothing from outside IP addresses (internet IP's)?
It's simplest to use the SBS Server as the VPN Host. When you do that, it's a one-click operation to set up a PPTP or L2TP VPN using ISA. Be SURE to let ISA configure the VPN for you (there's a whole VPN section in ISA). Don't mess with it yourself. ISA takes over most RRAS functions of SBS 2003 and messing with RRAS is not a good idea unless you know exactly WHY you are doing it.

RDP from the External network is also set up for SBS when you use the CEICW Wizard and enable Terminal Services during the Wizard.
 