RE: ISAserver.org - Review of SurfControl Web Filter 5.0 for ISA Server 2004
- From: "Ara" <ara@xxxxxxxxxxxxx>
- To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
- Date: Tue, 15 Mar 2005 17:28:31 -0800
Thank you everybody for response, actually I am quite surprised to see
theses feedbacks.
If I get this right there are some known issues with tracking secure nat
clients.
I have done my deployment in a way that firewall client is installed and
it automatically forces the browser policy settings for internet
explorer. But I have got an issue that people using fire fox can simply
by pass the filter. What have I done wrong here that I can't force fire
fox clients to go through proxy and get filtered?
Best regards
-----Original Message-----
From: Ball, Dan [mailto:DBall@xxxxxxxxxxx]
Sent: Tuesday, March 15, 2005 12:48 PM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: ISAserver.org - Review of SurfControl Web Filter
5.0 for ISA Server 2004
http://www.ISAserver.org
I agree, nice product, not perfect though. We're using it for about
1200 workstations, about 800 or so in use at any given time during the
day. It runs good on an ML370 even with that load, only about 10-15%
utilization.
The SNAT problem was a problem for us, since we are required by law to
filter the web pages. We got around that by forcing Proxy settings onto
the workstation (filters proxy traffic fine), and using policies to
restrict changing them.
One other problem we encountered is a database limit on user tracking.
While there is no actual limit on how many different people can be
passing through the system, it only saves the browsing history of a
specified number of people, making it a bit aggravating when trying to
figure out where someone went. There was supposed to be a fix for that,
but haven't checked to see if that was no longer an issue.
I was trying to remember why we originally went with it instead of the
others, and I think that at the time (about 2-3 years ago) it was about
the only one that fully supported ISA Server and Active Directory.
We also looked at many of the freeware programs out there, blocking
lists, etc, and decided they were too manpower intensive. We looked at
it this way; it was a matter of trying to identify which sites we should
block and entering them in manually, or paying someone to maintain a
list that is automatically updated every night to do it for us.
-----Original Message-----
From: Crockett, Gregory [mailto:Gregory.Crockett@xxxxxxxxx]
Sent: Tuesday, March 15, 2005 14:09
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: ISAserver.org - Review of SurfControl Web Filter
5.0 for ISA Server 2004
http://www.ISAserver.org
We are running two version of SurfControl on two different ISA
installations for the same network -- ISA 2000 (for three years), and,
now ISA 2004. SurfControl made a drastic change in the 2004 version --
It no longer monitors SecureNAT clients. We need SNAT monitoring for
our wireless hotspot (ad-hoc) clients.
Our library and youth center really enjoy the product. You are able to
redirect the client to another site if they try to access a site in a
blocked category. Our Adult/Sexually Explicit rule redirect them to
Barney, teletubbies, pooh, and a list of other kid sites. We must
manually change the redirect site on the rule. It would be cool if
SurfControl could alternate between selected sites.
The time feature is an excellent feature for our library. Before we
deployed SurfControl, library patrons would not always logoff at the set
time of 30 minutes before closing. ISA, too feature a time limit
(schedule) -- but in 1 hour increments. SurfControl allows a scheduled
time in 1-minute increments. Exactly 30 minutes before library closing,
SurfControl redirect the client to an internal web page with the hours
of Internet access hours. SurfControl redirect the wireless clients
redirected 15 minutes before closing.
SurfControl is AD aware which makes it very easy to assign rules to
groups, users, etc.
SurfControl can monitor either users or machines -- we monitor machines.
The library requires 300 user accounts used over 30 thin-clients. These
thin-clients use two Terminal servers, which we monitor.
We really like the product -- just renewed our category subscription,
and tech support for two years. SurfControl is constantly updating
their category, and our subscription allows SurfControl to download the
updates at our leisure.
Tech support: I have been working with them for the past few months
regarding the SNAT monitoring. I have been in queue (hold - handsfree)
for the past hour on this very issue. I can recall when we first
purchased this product tech support was much quicker on answering calls.
Their customer base must have gone up significantly. However, when you
are finally out of queue, tech support will get you up and running.
Nice product -- slow tech support.
greg
------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Other Internet Software Marketing Sites:
World of Windows Networking: http://www.windowsnetworking.com
Leading Network Software Directory: http://www.serverfiles.com
No.1 Exchange Server Resource Site: http://www.msexchange.org
Windows Security Resource Site: http://www.windowsecurity.com/
Network Security Library: http://www.secinf.net/
Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
ara@xxxxxxxxxxxxx
To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist
Report abuse to listadmin@xxxxxxxxxxxxx
Other related posts:
