[Last Call] Learn how to a build a cloud-first strategyRegister Now

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 293
  • Last Modified:

Application Level Firewall...

Hi -

I'm redesigning the network topology, so A) be more secure, but B) getting regulatory pressure to do so.

One requirement is to be able to monitor users Web usage. At the moment this means crawling through 1000's of checkpoint logs!

What's the best FW for the PC / Server gateways? (Before it goes up through DMZ etc.. to the internet)

Looking for something with excelent reporting, to make me aware of exactly what users are doing.

What products have you tried / recommend?

Thanks, James.
0
jh_007
Asked:
jh_007
5 Solutions
 
Leon FesterCommented:
You may consider a logfile analyser as opposed to installing a new firewall system?

I use ISA Server 2004 from Microsoft.

Alternatively look at GFI Lanworks for monitoring your firewall connections. What is your major concern? Realtime reporting or historical reporting. Not all products offer the same levels of details in there reporting.

For me ISA Servers reports are adequate, so I can't really list any products, but I'm sure you'll get some responses soon.
0
 
p_davisCommented:
check out squid
0
 
p_davisCommented:
it is a proxy but gives detailed reports
0
Concerto's Cloud Advisory Services

Want to avoid the missteps to gaining all the benefits of the cloud? Learn more about the different assessment options from our Cloud Advisory team.

 
rutten-dCommented:
we use isa2004 which provides good logging/reporting , additionally we use Smartfilter (ISA plugin) to allow/disallow certain sites.
Smartfilter provides excellent reporting on web access.
0
 
jasonwilliams74Commented:
I too, use isa2004, configured as a proxy and firewall. So far, it has worked very well.
I also needed reporting to see what my users were doing. Believe me, it was exilerating when I ran my first batch of reports on specific users in departments on their web usage to actually see what was going on. It was even better to hand these reports to the manager and watch their faces turn to disgust when they saw what sites  their teams were visiting and how long they were on the sites. It's great. Oh ya, also nice to save on bandwidth as well. :)

In addition to Smartfiler (which is a very good product), there are two other 'webfilering products' with very nice reports that you might want to look at:

http://www.surfcontrol.com

http://www.websense.com

Both are very good. I have used surfcontrol quite a bit and like it. Smartfilter is another. Both provide excellent reporting.

I should also mention; one of the nice things about using Sufcontrol, websense or smartfilter, is that it is essentially a "drop in" for ISA. Meaning, it is relatively painless to get it installed and running. the GUI is very easy to navigate.



0
 
jasonwilliams74Commented:
Dushan911,

Great link and great answer on the last page.

This is a great example of why you limit outbound access to only what your clients need.
In my case, I only allow outbound access on ports 80 and 443 for my clients. For my servers, I customize the ports as well (Exchange, outbound port 25, etc. etc.)
Of course, block all inbound.
0
 
mianniCommented:
Why not put a proxy in front of the Firewall, then only allow the proxy to access the internet.
Automate extraction of the proxy logs and run them trough a product called "Sawmill" very powerful/fast on any size logfile.
Generate reports with any output you want, able to drill down into categories etc etc..
0

Featured Post

Put Machine Learning to Work--Protect Your Clients

Machine learning means Smarter Cybersecurity™ Solutions.
As technology continues to advance, managing and analyzing massive data sets just can’t be accomplished by humans alone. It requires huge amounts of memory and storage, as well as the high-speed power of the cloud.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now