We help IT Professionals succeed at work.

Suggestions for Corporate Proxy Software

Hi

I have a client that has about 80 users split across 3 sites, they currently have a Windows 2003 / Exchange 2003 enviroment, All sites have Cisco ASA devices providing Firewall and Site to Site VPN's

For internet access everyone just has the Default gateway of there local Firewall and goes straight out, obviously this way we have no control over who is accessing what etc and today they have dismissed someone for looking at stuff they shouldnt!!

I need to suggest proxy server sofftware, I used ISA server 2000 sometime ago and i know thay now have Forefontt but wanted suggestions as to alternatives so i can go back with options.

Im looking for Proxy only as we will continue to use the ASA devices for firewall use

Thanks

Nick
Comment
Watch Question

Commented:
Websense previously SurfControl is a good product which we currently use.
Top Expert 2010
Commented:
Squid Proxy is free, easy to setup/configure and comes with tons of features. (squid-cache.org)

If you are looking for something more advanced and "corporate" then have a look at Finjan Vital Security appliance - Amazing piece of kit but might be an overkill for your clients because they want to cover 3 sites and a fairly small number of users. finjan.com
Premkumar YogeswaranSr. Analyst - System Administrator
Commented:
Websense is the best product which can be used for Proxy
greg wardSenior Systems Engineer
Commented:
http://www.bluecoat.com/node/485
Bluecoat has a nice graphical front end.
Greg
Depending on the budget of your client there are a couple ways you could go.

Cymphonix Network Composer (http://www.cymphonix.com/EXNetworkComposer.html)  is an awesome tool that can sit as a transparent bridge in each network (no windows proxy settings to screw with) and can monitor and shape ALL traffic based on type and content, and do so on a per-user/group basis.  This will not only help with keeping users out of various categories of websites, but can also track per-user utilization of web and other communications (includes capture of IM content as well)  They can integrate with AD to make management easy as well.  Typically you would put one at each location...so depending on total users at each site you'll likely looking at about $10k in cost for the solution at three sites.


Now if your client has virtually no budget, OpenDNS might be an attractive option.  This is a DNS based service that you can set up rules on a per-site bases.  You would set up an account for each location (it applied rules based on the WAN IP address of their firewall) and use DNS forwarders on your AD servers so that all internet domain requests go only to the OpenDNS servers.  They then check the site in question against their configurable database and either give the proper DNS reply sending the user on their way to the site, or redirect the user to a "you can't see this website" page.  The downside to this solution is it's pretty much all or nothing for users.  They also don't have much of an override system to allow a management level user to bypass the filter on a one time basis...but it's also priced accordingly.
Commented:
Please note that a Websense add-on can be installed on the Cisco ASA to have full control over internet access.
You did not mention whether you want control (filtering) or just reporting. If you want filtering then you have to use one of the product above, and Websense is the market leader, but is a bit expensive.
I suggest that you download and real-time test some products then you decide, and most web filtering systems give a 30 day free trial (at no cost). To mention: Websense, Smart filter, GFI Internet Security.

Ehab

Author

Commented:
Hi All

Thanks for all the replys ill have a look, basically what i need to do is be able to ensure i can control what sites users can / cant access and provide reports on useage.

Thanks again

Nick

Author

Commented:
Thanks All