Monitoring Network Through Firewall

[Imminent]

We want a firewall application that can do the following

• Monitor Website Visited
• Monitor IP Address & Computer Name That Visited Said Address
• Block Access to Certain Websites
• Monitor Data Usage Of Each Computer
• Run On A Windows Server
• Serve As Gateway For Applications To Connect To

If anyone has any advice I would greatly appreciate it.

P.S. I am aware of Smart Switches/Hubs and Proxy Servers but we would like this service from a firewall.

Regards,
Imminent

 

[syntax]

U want a firewall that runs on a windows server??
TMG is ur only real option then i think....It can actually do all of what u want as well

 

[ponder]

We want a firewall application that can do the following

• Run On A Windows Server

If you drop that requirement it becomes much easier.

 

[Elvis007]

I only know of TMG as well for Windows, and that only runs on Win 2008 as far as I know. Or you could get ISA 2006 if you are running Server 2003, but it does not have the new web policies that TMG has...

On another note, I was using TMG at home till last night, popped in a Untangle CD, an hour later I have a very nice Linux based firewall running. Very impressed so far. And I have never worked on Linux before in my life... (actually still not, everything is configurable through a web interface)

I just got fed up with re-installing everything after the 120day trial expired, can't afford MS license fees....

 

[F111]

look at Cisco ASA http://www.cisco.com/cisco/web/solutions/small_business/products/security/ASA_5500_series/index.html

 

[w1z4rd]

Runs on windows? Wtf... fail server. Microsoft make terrible gateway servers.

If you decide to go the normal more stable and business wise way... try clearos, it comes with dansguardian and all the stuff you want. You also dont need to be too smart to set it up.

Untangle is okayish, but does not monitor user usage. Both are configurable through a web interface so even windows "techs" can use them.

 

[Elvis007]

Runs on windows? Wtf... fail server. Microsoft make terrible gateway servers.

If you decide to go the normal more stable and business wise way... try clearos, it comes with dansguardian and all the stuff you want. You also dont need to be too smart to set it up.

Untangle is okayish, but does not monitor user usage. Both are configurable through a web interface so even windows "techs" can use them.

ISA and TMG are not that bad, it get's the job done doesn't it? I have worked at a few companies with 5000+ users that uses ISA and TMG. Then quite a few uses Cisco, Juniper and Fortigate, but never once came across a company that uses a Linux firewall. Probably because I never worked in a small IT environment, Corporate companies does not even look at free firewalls, they have the money and want the best, so they are willing to pay for a decent firewall, but I think the word "decent" excludes ISA thought

So I would recommend TMG as he want's it to run on a Windows Server...

 

[syntax]

ISA and TMG are not that bad, it get's the job done doesn't it? I have worked at a few companies with 5000+ users that uses ISA and TMG. Then quite a few uses Cisco, Juniper and Fortigate, but never once came across a company that uses a Linux firewall. Probably because I never worked in a small IT environment, Corporate companies does not even look at free firewalls, they have the money and want the best, so they are willing to pay for a decent firewall, but I think the word "decent" excludes ISA thought

Checkpoint is a chopped down version of red hat, and therefore qualifies as linux

ISA is less than average. The logging is absolutely shocking. Havent used TMG, hope i never have to...

 

[ponder]

ISA and TMG are not that bad, it get's the job done doesn't it? I have worked at a few companies with 5000+ users that uses ISA and TMG. Then quite a few uses Cisco, Juniper and Fortigate, but never once came across a company that uses a Linux firewall. Probably because I never worked in a small IT environment, Corporate companies does not even look at free firewalls, they have the money and want the best, so they are willing to pay for a decent firewall, but I think the word "decent" excludes ISA thought

I think it's more about the backup & support they are interested in.

Most of these commercial firewalls run a custom version of BSD (or Linux) hidden from the user. NokiaIPSO, JunOS, FortiOS, NetApp, F5 Networks, IronPort are based on FreeBSD (Fortinet was started by a ex Juniper guy), Sonicwall uses Solaris and there are many more out there. Very few companies design operating systems from the ground up.

They all go for BSD due to the BSD/MIT license which allows them to 'take' the code. BSD also has one of the best network stacks out there. OpenBSD is also heavy into security and their side projects like OpenSSH, OpenNTPD etc and security code patches have found their way into the other BSD's and commercial products.

So those 'decent' products are actually BSD (& Linux to a lesser extent) at their core.

I have to agree though that MS is not the type of platform you want to use as security/gateway tool.

 

[gregmcc]

Why does it need to run on a windows server?

Have a look at pfsense. Not a bad open source Linux based firewall. What kind of data usage are you looking to monitor. If you want a proxy then look at ipcop/smooth wall.

 

[Imminent]

Its nice to see all the different viewpoints on this subject, ive been looking into Smoothwall, Untangled but as Elvis said, if the company can afford dedicated hardware why go after a free option?

We are going to get a whole new telephone system installed soon from Samsung.

I believe they will provide us with some dedicated hardware that will monitor calls, log websites visited etc.


But for the time being I was just looking for a sollution that runs on a Windows XP Pro X64 O/S (Serves as the Gateway PC)

 

[ponder]

But for the time being I was just looking for a sollution that runs on a Windows XP Pro X64 O/S (Serves as the Gateway PC)

Besides ISA & TMG you could have a look at WinGate, http://www.wingate.com/products/wingate/index.php