Cost Effective Web Filtering - AD Support

[marley1]

What do we have for this?

Have a client of about 30 workstations and wants to web filter. Normally we can do OpenDNS and be done but they want integrated with AD. Filter staff, no Filter for Management.

Looking for the most cost effective solution.

Also what about for smaller sites that still want AD integration?

 

[Cerulean]

The suggestion I got last time was using pfSense, to dedicate one of the NICs as a second WAN port (configured for one of our multiple external static IP addresses), and using a newly creating VLAN to segregate managers from the rest of the company. Use a different DNS or something on that NIC. I never wound up doing that though as I was looking for something simpler.

The main con about OpenDNS is that it doesn't have AD integration or any features for intelligent filtering for very specific users, but something like this would likely require like a pfSense/DD-WRT module, or who knows -- I'm not a programmer or network engineer. :X

 

[goodcooper]

untangle will do all of that fairly easily... you'll have to pay for the AD integration though...

 

[Jay_2]

Squid proxy and dans guardian will do it.

 

[timberdoodle]

Well, as much as it pains me to suggest it, OpenDNS has AD integration. That said, I hate it but its probably a good option for you.

 

[marley1]

Sorry no open source. Looking to purchase an item.

No untangle

OpenDNS requires a VM to be running.

Rather have piece of hardware

 

[timberdoodle]

Websense, sonicwall, Palo Alto, Fortinet.

 

[/usr/home]

Barracuda.

 

[staticlag]

http://www.smoothwall.net/product-library/guardian-web-filter/smoothwall-swg-700/

 

[Nicklebon]

Another vote for Fortinet.

 

[green91]

I manage several fortinet devices, they are pretty decent with the newer firmwares (4.0mr3). But any appliance filter you get is going to be very costly for only 30 users.

 

[CiscoInside]

Barracuda.

+1.

 

[Cerulean]

Well, as much as it pains me to suggest it, OpenDNS has AD integration. That said, I hate it but its probably a good option for you.

oh it does? : o

/googles

EDIT: Well what do ya' know, http://www.umbrella.com/ -- I'm wrong, and something new. cooool

 

[marley1]

http://www.smoothwall.net/product-library/guardian-web-filter/smoothwall-swg-700/

Idea on price?

They declined Barracuda price.

 

[staticlag]

Idea on price?

They declined Barracuda price.

I think its like $1500 or so.

I've used their software before and its very easy to setup and administer.

 

[Wrench00]

I can't speak highly enough of sonicwall. Its fairly cheap for a UTM it works very well especially with AD. Very easy to setup.
TZ215 will do everything + other stuff. Multiple CFS policies, app filtering, and other AD assignable functions.

I use this in couple small school to the great frustration of the students that try to break it all the time. I also have a larger deployment for about 500+ students it pisses them off to no end.
I have it setup on multisites as well so I know very well how it works.

 

[jaddy]

AoBo Porn Filter. http://www.merlinhelpsstudents.com/forum/forum_posts.asp?TID=575

 

[k1pp3r]

I hate to say it but Sonicwall looks like your choice,

Technicall you could get 30 users on a TZ100 but that may be pushing it with security services enabled.