A customer needed to get reports on specifically which workstations were visiting which websites and when. In the past I have used client-side software to do this but this is an unsatisfactory and messy solution and is not really practical with workstations on a network.
After a bit of digging it appeared that the Zyxel USG 20 would provide this feature. And I proceeded to configure the following. . I was not interested in any of the port forwarding or more sophisticated VPN functions – I simply want it to sit between the internet and the local network and then provide me with reports on who visits what websites. Amongst all the example configuration scenarios in the documentation I could find nothing that related to what I needed to do. I therefore proceeded to configure it as I have firewalls in the past - I had the main router which provides the internet connection plugged into the WAN port on the back of the Zyxel USG 20. There is then a network cable going from P2 (the first LAN port) on the back of the Zyxel into the main network switch. I could not see how to configure the USG 20 as a DHCP server so I left the internet router as the DHCP server – however the only way I could get the workstation to connect to the internet was to assign the IP details manually (using the USG 20’s static IP address as both the default gateway and primary DNS server).
Next step was to test content filtering. I created a zxyel account and enabled the bluecoat content filtering service. As my main objective was to simply log visited websites (rather than block them) I created the most general filter rule possible which incorporated all categories of website and those which were uncategorised. I configured it to pass all and ticked the option to log. My assumption was that this would then allow the workstation to browse the web normally but would log websites visited. However after browsing the internet for a while I found that when I logged into the bluecoat account no websites were logged under any category. Furthermore on the USG 20’s main dashboard under the summary of statistics (websites passed and blocked etc) it shows zero for everything. As a final test I configured the USG to block everything however the workstation was unaffected and could browse everything as normal.
1) I am not sure at this stage whether or not I have made a mistake opting for the Zyxel USG 20. However now the hardware is paid for and in place I really do need to find a way to make it work. Could anyone please advise how I should configure the router / USG 20 / workstations to enable the bluecoat content filter to function correctly?
2) This is a scenario that I can see popping up increasingly - for future reference could anyone recommend a better solution than the one I am attempting to use here?
Many thanks in advance.