Proxy Servers Setup

I'm not a huge fan of ISA. Had a good experience with Smoothwall Corporate Guardian though. Most may just feel as though you're paying for Linux but the software is very well put together and support is fantastic.
 
Squid. The NT version nicely ties into AD (as would the Linux version but I never got this to work) & can use group membership to determine access. There are many open source tools to then analyze the logs + filters & blocklists available.
As mentioned above there are probably dedicated distros designed specifically to do this.
 
In terms of proxy placement I would install off the switch rather than inline.
Then on the firewall only allow the proxy server outbound with http, https.

This way non-web traffic can get out without going through the proxy, but users are forced to go through the proxy.

As others said if you run the proxy inline with 2 NICs then all traffic has to go through the proxy which is more difficult to configure.
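
The firewall rule described in the post above, sketched as an added example that is not part of the original thread. It assumes an nftables gateway (the thread names no firewall product); the interface names `lan0`/`wan0` and all addresses are constructed placeholders.

```nftables
#!/usr/sbin/nft -f
# Added example: proxy sits off the LAN switch, the gateway enforces its use.
# All names and addresses below are constructed for illustration.

define LAN_IF   = "lan0"        # assumed inside interface
define WAN_IF   = "wan0"        # assumed outside interface
define PROXY_IP = 10.0.0.10     # assumed address of the Squid/proxy host
define WEB      = { 80, 443 }   # http, https

table inet proxy_egress {
    chain forward {
        # Default accept so non-web traffic still leaves directly,
        # as the post describes; tighten this to suit local policy.
        type filter hook forward priority 0; policy accept;

        # Return traffic for connections that were already allowed.
        ct state established,related accept

        # Only the proxy may open outbound web connections.
        iifname $LAN_IF oifname $WAN_IF ip saddr $PROXY_IP tcp dport $WEB accept

        # Any other LAN host going straight to the web is logged and dropped,
        # so clients must use the proxy and bypass attempts show up in the log.
        iifname $LAN_IF oifname $WAN_IF tcp dport $WEB log prefix "direct-web-blocked " drop
    }
}
```

The log prefix gives a simple signal for hosts with missing or overridden proxy settings; web servers listening on other ports are not covered by these two rules.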
 
We run Squid too on the ex-Exchange server. We back it up with Policy Central on the clients (free from our LEA!) which negates the need for NTLM or some other auth scheme on Squid, and keeps web logs & snapshots of the offense on a separate server.
 
Depending on if you have a licensing programme with Microsoft, you could look at using ISA server. We use 3 of them for our proxying/routing needs and it works very well for 400 users.

Kimbie
 
If you wanted to pay for something then Bluecoat Proxy would get my vote. In my opinion better than MessageLabs as it's simply a device that doesn't fall over, whereas on a server if you have to restart it (and you will sooner or later) then all users have no net access. If the server dies, again no net access until it's fixed.



M.
 
I don't get you. MessageLabs is a service provider not a server product. They have thousands of servers in farms that provide redundancy. I've not yet had one minute of unscheduled downtime in the 6 months since we moved to them. How can that not be more resilient than ANY in house device whether server or appliance?
 