Link to home
Start Free TrialLog in
Avatar of David Haycox
David HaycoxFlag for United Kingdom of Great Britain and Northern Ireland

asked on

Replacement for ISA server in SBS2011 - web filtering by user

We have an SBS2003 Premium server that I will shortly replace with SBS2011.  Currently ISA server is used for relatively simple web filtering - if your user account is in Group1, you get full access, if it's in Group2, you get no access, if it's in Group3 you get access only to domains on a whitelist.  There's no filtering by category or need for up-to-date lists of websites.

What can we use on the new SBS2011 to perform a similar task?  There's no need for caching or any content filtering other than allowing our whitelist, full access or none but the critical point is that it needs to be per-user in the AD.  So User1 logs on to PC1 and gets no access, User2 logs on to the same PC and gets full access, User3 gets the whitelisted sites only.

I've looked at OpenDNS but their AD-integrated product is well outside the budget for this project.  Routers and firewalls can filter per-IP (and therefore per-PC) but I haven't seen one that can AD-integrate (at least not at the low end, pricewise).

Does anyone have any experience of a solution (ideally that you've used successfully) that will achieve this?  A subscription service would be fine (if reasonably priced), same for a hardware device or software application.

Thanks in advance for any suggestions.
Avatar of ArneLovius
ArneLovius
Flag of United Kingdom of Great Britain and Northern Ireland image

The Microsoft replacement for the web filtering capabilities of ISA would be Forefront TMG.

I'd suggest looking at Baracuda and Meraki, you might also look at Cisco ASA with websense

As you only need a whitelist, you could look at using the free version of QuintoLabs filter, either as a vmware image, or built yourself on Linux

http://www.howtoforge.com/web-filtering-on-squid-3-with-quintolabs-content-security-1.4-and-windows-active-directory-integration
ASKER CERTIFIED SOLUTION
Avatar of Cris Hanna
Cris Hanna
Flag of United States of America image

Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
they might be discontinuing it, but its available at the moment

agreed it can't run on SBS

it would seem that the Caliptix 1000 has been discontinued
The Calyptix 800 would be more than enough and is priced @ 1000.00.  The AE1000 has been replaced with the AE 1200.  

installing a product that's been discontinued even if it's still available just doesn't seem wise
it all depends on where it does what you need.

I still have in production several things that were discontinued in the 90's, but they work, and not being internet accessible I'm not too bothered about security fixes...
Avatar of David Haycox

ASKER

We're currently exploring some options including OpenDNS.  Will post back when have some news.  Thanks for advice so far.
Looks like in this case we're going to go with the features of a Draytek 2830 router.  Thanks for the advice.