proxy server options - Chicagoland Sportbikes
post #1 of 13, 09-21-2005, 09:57 AM, Thread Starter
clearwaterms (The Victim Newbie)
Join Date: May 2004
Location: Westchester, IL
Posts: 7,384
Sportbike: 2007 mountain bike
Years Riding: just started
How you found us: svrider.com

proxy server options

okay, I didn't know where else to ask. I am hoping for a few leads.

500 users around the country, all users have a centralized internet connection located in Chicago. I am looking to put a proxy server in that location. #1, I want to be able to log websites by user name (AD environment), #2, I want caching, #3, it HAS TO NAT the IP address, #4, something that doesn't require a software package installed on each PC.

I have considered Microsoft ISA server, as I have worked with Proxy 2.0 in the past. However, I am afraid that program is costly.

I have also considered Websense, because I have seen this program used, and it looks very slick; however, I don't know the cost, and I can't find on their website if it NATs. It does look like it will do everything else, however.

I will be purchasing a new server for this, so hardware will be basic Pent 4 single proc server platform.

<-- Chris

turn the bars left and go right; that just isn't right

post #2 of 13, 09-21-2005, 10:07 AM
Kegger (King Nothing)
Join Date: Nov 2004
Location: Ur Moms House
Posts: 17,944
Sportbike: I ride Ur Mom
Years Riding: As long as Ive known Ur Mom
How you found us: u found me

Another option is to put a dedicated device behind your firewall and let the firewall do the NAT'ing.

Check out the iPrism by St. Bernard.

AD aware, so you can set up global groups and define access based on like 100 different categories of websites; slick reporting and drill downs, real time monitoring, by user, website, IP address...you name it.

Demo one, you'll be impressed.


"When in doubt, use full throttle. It may not improve your situation, but it will end the suspense."

post #3 of 13, 09-21-2005, 10:12 AM, Thread Starter
clearwaterms (The Victim Newbie)

The reason it needs to NAT is that I am putting in a new firewall. It's a Nokia with FW-1 from Check Point; the problem is that for every IP addy that is behind the firewall I have to have one client. If I can NAT, it will save me about $9000, which is the rough cost of a proxy server, and a proxy server will solve a few other problems as well.

Craig, do you have a link to that iPrism? Also, what is their support like? Websense has good support (from what I hear) and I have seen the program in action, and Microsoft's ISA, well, it's Microsoft.

<-- Chris

turn the bars left and go right; that just isn't right

post #4 of 13, 09-21-2005, 10:27 AM
Kegger (King Nothing)

ISA is great for app filtering, but a PITA for web filtering...too much manual labor in my opinion. The iPrism does NAT too, running in bridged mode; I thought you were talking about NAT on the internet-facing side. What's nice about the iPrism is that the database is updated automatically, and let's say the owner can't get to a site he has to get to, the block page gives him the option to request access, in which case an automated email comes to your desktop and you can either deny or allow with one click, or if his user is set up with the correct rights, he can override the block in real time himself. You have TOTAL control over web usage. Just make sure you lock down the local intranet so the proxy is not bypassable, i.e. no outside DNS, HTTP only from your proxy address, etc.

iprism

Request an eval unit on the right side of the page. Have fun!

"When in doubt, use full throttle. It may not improve your situation, but it will end the suspense."
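
The lock-down described in post #4 (no outside DNS, HTTP only from the proxy address) can be verified from firewall logs. This is an added example, not part of any post in the thread; the addresses, ports and the log line format are constructed assumptions and are not Check Point FW-1 output.

```python
import ipaddress

# Assumed addressing, constructed for this example (not from the thread).
INTERNAL_NET = ipaddress.ip_network("10.0.0.0/8")
PROXY_IP = ipaddress.ip_address("10.1.1.10")
INTERNAL_DNS = {ipaddress.ip_address("10.1.1.53")}
WEB_PORTS = {80, 443, 8080}

# Constructed firewall log lines: "src dst proto dport action"
SAMPLE_LOG = """\
10.1.1.10 203.0.113.20 tcp 80 accept
10.20.4.17 10.1.1.10 tcp 8080 accept
10.20.4.17 198.51.100.7 tcp 80 accept
10.30.9.2 192.0.2.53 udp 53 accept
10.1.1.53 192.0.2.53 udp 53 accept
10.30.9.2 198.51.100.7 tcp 443 drop
"""

def classify(src, dst, proto, dport):
    """Return a reason string if this flow bypasses the proxy, else None."""
    src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    if src not in INTERNAL_NET or dst in INTERNAL_NET:
        return None  # only internal -> outside traffic is of interest
    if dport == 53 and src not in INTERNAL_DNS:
        return "outside DNS from client"
    if proto == "tcp" and dport in WEB_PORTS and src != PROXY_IP:
        return "direct web traffic not from proxy"
    return None

def find_bypasses(log_text):
    """Return (src, dst, dport, reason) for accepted flows that bypass the proxy."""
    findings = []
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) != 5:
            continue  # skip malformed lines
        src, dst, proto, dport, action = fields
        if action != "accept":
            continue  # the firewall already blocked this flow
        reason = classify(src, dst, proto, int(dport))
        if reason:
            findings.append((src, dst, int(dport), reason))
    return findings

if __name__ == "__main__":
    for finding in find_bypasses(SAMPLE_LOG):
        print(*finding)
```

Any accepted flow this reports means a firewall rule still lets a client reach the web or an outside resolver without going through the proxy, so that traffic is neither logged by user nor filtered.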

post #5 of 13, 09-21-2005, 10:29 AM
BusaGirl (Falcon Trainer)
Join Date: May 2005
Location: Medinah
Posts: 2,866
Sportbike: 2012 Ducati 848 Evo, 2012 HD Softail Deluxe
Years Riding: Lots of years....
How you found us: ??

Quote:
Originally Posted by Kegger
ISA is great for app filtering, but a PITA for web filtering...too much manual labor in my opinion.
Maybe you had a bad experience, but ISA has rocked my world for proxy server reasons. I would not recommend it for a front-end firewall, but as a back-end firewall it works well.

Busa /Ducati/HDGirl
NESBA #717


XBOX Live: JustPlatinum

post #6 of 13, 09-21-2005, 10:32 AM
Kegger (King Nothing)

Quote:
Originally Posted by BusaGirl
Maybe you had a bad experience, but ISA has rocked my world for proxy server reasons. I would not recommend it for a front-end firewall, but as a back-end firewall it works well.
Hence my comment regarding internal app filtering.

"When in doubt, use full throttle. It may not improve your situation, but it will end the suspense."

post #7 of 13, 09-21-2005, 10:33 AM, Thread Starter
clearwaterms (The Victim Newbie)

Quote:
Originally Posted by BusaGirl
Maybe you had a bad experience, but ISA has rocked my world for proxy server reasons. I would not recommend it for a front-end firewall, but as a back-end firewall it works well.

I already have a Nokia firewall. This is for inside NAT / cache / content filtering server / monitor web traffic.

Craig, that iPrism doesn't look too bad... at $2500 from CDW it's decently priced. One question, is it AD enabled? It also looks REALLY easy to configure.

I am also considering ISA server, but at $1300 for the software alone, and then to add the cost of a server, the iPrism doesn't look too bad.

I assume that the iPrism has really nice logging features?

<-- Chris

turn the bars left and go right; that just isn't right

Last edited by clearwaterms; 09-21-2005 at 10:36 AM.

post #8 of 13, 09-21-2005, 10:35 AM, Thread Starter
clearwaterms (The Victim Newbie)

Quote:
Originally Posted by Kegger
ISA is great for app filtering, but a PITA for web filtering...too much manual labor in my opinion. The iPrism does NAT too, running in bridged mode; I thought you were talking about NAT on the internet-facing side. What's nice about the iPrism is that the database is updated automatically, and let's say the owner can't get to a site he has to get to, the block page gives him the option to request access, in which case an automated email comes to your desktop and you can either deny or allow with one click, or if his user is set up with the correct rights, he can override the block in real time himself. You have TOTAL control over web usage. Just make sure you lock down the local intranet so the proxy is not bypassable, i.e. no outside DNS, HTTP only from your proxy address, etc.

Request an eval unit on the right side of the page. Have fun!
I can lock everybody down at the Nokia firewall.

<-- Chris

turn the bars left and go right; that just isn't right

post #9 of 13, 09-21-2005, 10:46 AM
Kegger (King Nothing)

Quote:
Originally Posted by clearwaterms
I already have a Nokia firewall. This is for inside NAT / cache / content filtering server / monitor web traffic.

Craig, that iPrism doesn't look too bad... at $2500 from CDW it's decently priced. One question, is it AD enabled? It also looks REALLY easy to configure.

I am also considering ISA server, but at $1300 for the software alone, and then to add the cost of a server, the iPrism doesn't look too bad.

I assume that the iPrism has really nice logging features?
For your application I would look at the 3000 model.
Yes, AD aware/enabled. I have global groups set up with users in AD, and what group the user belongs to in AD determines what categories of web sites they can view. The logging is awesome, and drill down via Java remotely is seamless. Sorts and filters by time, user, IP, web URL, content category, etc., and any combination thereof; it can also bring up real time monitoring remotely, as well as create custom reports! You can't lose anything with an eval unit. If you don't want/like it, send it back.

Oh yeah, I don't work for these guys, I am just really happy with their product.


"When in doubt, use full throttle. It may not improve your situation, but it will end the suspense."

post #10 of 13, 09-21-2005, 10:57 AM
Kegger (King Nothing)

Quote:
Originally Posted by clearwaterms
I have considered Microsoft ISA server, as I have worked with Proxy 2.0 in the past. However, I am afraid that program is costly.

I have also considered Websense, because I have seen this program used, and it looks very slick; however, I don't know the cost, and I can't find on their website if it NATs.
I am not knocking either of these options either, just easy configuration and reliable performance out of the iPrism.

FYI, Proxy 2.0 and ISA aren't even comparable, so if you're trending away from using ISA because of your previous 2.0 experience, re-think it.

"When in doubt, use full throttle. It may not improve your situation, but it will end the suspense."

post #11 of 13, 09-21-2005, 12:22 PM, Thread Starter
clearwaterms (The Victim Newbie)

Craig,

I just got off the phone with St. Bernard and he compared his product directly to Websense, and it stacks up very nicely. He said that at my size the 1200 appliance is what he recommended, and the fact that it's a fail open device was REALLY slick to me. If it fails, it becomes a wire, so there is no single point of failure created by the device.

<-- Chris

turn the bars left and go right; that just isn't right

post #12 of 13, 09-21-2005, 01:11 PM
Kegger (King Nothing)

Quote:
Originally Posted by clearwaterms
If it fails, it becomes a wire, so there is no single point of failure created by the device.
Mine's never failed, knock on wood, but if I am not mistaken, there is a setting to fail closed if you want it to.

Good luck with the eval.

"When in doubt, use full throttle. It may not improve your situation, but it will end the suspense."

post #13 of 13, 09-21-2005, 01:18 PM, Thread Starter
clearwaterms (The Victim Newbie)

Quote:
Originally Posted by Kegger
Mine's never failed, knock on wood, but if I am not mistaken, there is a setting to fail closed if you want it to.

Good luck with the eval.
The eval isn't the part I need the good luck for. It's getting the powers that be to think $6800 is money well spent.

If you look at their ROI page, it says we are wasting $3.7 million a year in lost productivity. I don't agree with that, but if it's true, a $6800 box is chump change.

<-- Chris

turn the bars left and go right; that just isn't right