Content Filtering and Firewalls

My 50 user office currently has a PIX506E firewall which works well, but doesn't have Content Filtering and Website tracking. My owner wants me to install these features on our network. My first option was to go with WebSense, but my vendor recommended replacing the PIX with a SonicWall TZ 190 since it has all the features I would want. However I feel as though this is a step backwards from a corporate firewall to a home office or small office firewall.

Does anyone have any recommendations on Content Filtering and Web Tracking with Active Directory or RADIUS integration? What does everyone think about the Cisco ASA products and is there one that will meet all my needs while keeping the yearly renewals less than $1000?

David

Reply to
OtherCents
Loading thread data ...

I think Microsoft's ISA Server fits your requirements nicely (It's software based, of course, so it'll be a bit of a deviation from your current hardware train-of-thought). You'd need a multihomed box to set it up on. Here are some links to get your research started:

formatting link
Specifically, here is list of plug-ins that do content filtering and observing:
formatting link
Microsoft has third-party blocking partners. Not sure about pricing though.
formatting link
Check out MS's ISA community:
formatting link
Google is an IT pro's best friend:
formatting link
That should be a good start.

Nonapeptide

Reply to
Nonapeptide

I would suggest that you look at the WatchGuard line, they have AV, content, web blocking, and you have built-in proxy services for HTTP and SMTP that can remove files from the HTTP or SMTP sessions.

formatting link

Reply to
Leythos

The thing to keep in mind is licensing.

The minute you want to stick in a standalone appliance/piece of software just to do URL filtering you typically have to license it per user, which with 50 seats will not be cheap.

Odds are it will cost more than what your vendor suggested, which is to replace the PIX with something that has "flat fee" content filtering on-box - the trade off being that there is usually less granularity and reporting available than there is with a standalone solution.

Reply to
Paul Hutchings

Cabling-Design.com Forums website is not affiliated with any of the manufacturers or service providers discussed here. All logos and trade names are the property of their respective owners.