Network bridge needed with various services

snobee

Hi there,

So... these are my criteria for a network transparent bridge:

1. As mentioned, it must have the ability to work as a transparent bridge;
2. Has web caching ability;
3. Has url content filtering, either in categories that one subscribes to or is free;
4. Has reporting ability so I can see which ip addresses on my internal network are downloading, what they are downloading and how much.

I have looked at two options, Untangle and MS Forefront TMG 2010. Untangle is the best for my needs so far, but I have various problems with its reporting ability. TMG 2010 doesn't work in transparent bridge mode, and sucks for bandwidth reporting.

Not sure how IP COP works, anyone know? What other options? As much as I would prefer a free option that can be installed on a workstation, paying for something within reason is also on the table.
Oh yes... also looking for something that is relatively easy to install, so going the linux route would need to be along the lines of a package like ip cop, untangle or smoothwall.
 
Great, thanks guys... keep the "shots in the dark" coming. :) I appreciate it. I will look deeper, but ClearOS & Astaro both don't seem to do caching, but all other criteria seems to be positive.
 
> I will look deeper, but ClearOS & Astaro both don't seem to do caching, but all other criteria seems to be positive.

Look deeper, you can cache content via the proxy server. Just check what protocols it supports. I think it uses Squid for the backend so it should be able to do everything Squid does.
 
The Astaro should also cache, it's the free version of the commercial-grade OSS based UTM firewall (software or appliance), which definitely caches.

Just had a quick google and it has a caching proxy server.
 
They all run squid, which if set will cache as normal. IPCOP, smoothwall, IPFire all do the same if set.
 
> They all run squid, which if set will cache as normal. IPCOP, smoothwall, IPFire all do the same if set.

Do you know what their reporting is like? I would assume SARG is available for some of these distributions like IPCOP.
I have now downloaded something called Zentyal and will check that out.
Astaro will do all I want, but at a cost... still waiting on that. What I like about their one is they seem to have excellent reporting, very detailed and real time.
After Zentyal, I will try smoothwall and ClearOS
 
snobee, getting sarg reporting on those solutions is DIIFFIICULT! There is an unsupported module for IPCOP, but found that it broke things. I found Zentyal crap and replaced it with an Ubuntu box and then installing sarg and the normal plugins. I am still to find a fully supported app like smoothwall/ipcop/ipfire that supports sarg completely hence I did it myself. The biggest problem with ipcop and smoothwall is their network card support, they don't support much.

If anyone can point me to a release that has all the functionality of an ipfire solution with sarg support, I would love to hear it! PS: it should be all installable off a single ISO disc :o)
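
The per-IP reporting asked for in the opening post (and what SARG produces) comes down to aggregating Squid's access log. The following is an added example, not code from any poster in this thread: it assumes Squid's default native `access.log` format, and the sample lines are constructed for illustration.

```python
from collections import defaultdict

# Constructed sample lines in Squid's native access.log format:
# time elapsed client result/status bytes method URL user hierarchy/peer type
SAMPLE_LOG = """\
1300000000.123    120 192.168.1.10 TCP_MISS/200 524288 GET http://example.com/a.iso - DIRECT/203.0.113.5 application/octet-stream
1300000001.456      3 192.168.1.10 TCP_HIT/200 524288 GET http://example.com/a.iso - NONE/- application/octet-stream
1300000002.789     80 192.168.1.22 TCP_MISS/200 2048 GET http://example.org/ - DIRECT/203.0.113.9 text/html
1300000003.000      1 192.168.1.22 TCP_DENIED/403 1500 GET http://blocked.example/ - NONE/- text/html
this line is truncated
"""

def parse_line(line):
    """Return (client, result, bytes, url), or None for a malformed line."""
    f = line.split()
    if len(f) < 10 or "/" not in f[3] or not f[4].isdigit():
        return None
    result = f[3].split("/", 1)[0]   # e.g. TCP_MISS from TCP_MISS/200
    return f[2], result, int(f[4]), f[6]

def usage_report(lines):
    """Aggregate bytes, cache-served bytes and blocked requests per client IP."""
    report = defaultdict(lambda: {"bytes": 0, "hit_bytes": 0, "denied": 0, "urls": set()})
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue                 # skip truncated or corrupt entries
        client, result, size, url = rec
        row = report[client]
        if "DENIED" in result:       # blocked by an ACL / content filter
            row["denied"] += 1       # error-page bytes are not counted as downloads
            continue
        row["bytes"] += size
        row["urls"].add(url)
        if "HIT" in result:          # TCP_HIT, TCP_MEM_HIT, ...: served from cache
            row["hit_bytes"] += size
    return dict(report)

if __name__ == "__main__":
    rows = usage_report(SAMPLE_LOG.splitlines())
    for ip, row in sorted(rows.items(), key=lambda kv: -kv[1]["bytes"]):
        pct = 100 * row["hit_bytes"] // row["bytes"] if row["bytes"] else 0
        print(f"{ip:15} {row['bytes']:>10} bytes  {pct:3}% from cache  {row['denied']} denied")
```

On a live box the same functions can be fed the real log with `usage_report(open("/var/log/squid/access.log"))`; that path is the common default and may differ per distribution.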
 
the terms "transparent bridge" and "content filtering" and "web caching" are not normally used together.


if "content filtering" is running then the device is not really transparent.
If "web caching" is enabled it means the client does not always get content from the source (he sometimes gets it from the cache) = also not transparent.

** a bridge is a hub/repeater & most "dumb" switches.
** content filtering & caching = features of firewalls/rules based/packet inspection devices.

a "Checkpoint UTM device" will do nicely but they cost about R16K + R2K annually if you want them to manage it.

something off the shelf: (free for 3 months I think?) Microsoft ISA Server 2006. (reporting can be customized)

Microsoft ISA / TMG is nice in that they are "fire-and forget".
Install it once and just look at the logs once a month.


or get a Linux box and spend the rest of your life learning it and finding out why nobody has access.
LOL.
 
Thanks for your thoughts Ponder.
:-)
The corporate world trusts Win because it's easy (out the box) and advanced skills aren't hard to come by (like *Nix skills).
*Nix groups cannot even agree on a single thing (which turned out to be their downfall in the desktop market)

Ask most people what "Red Hat, Suse or Fedora" is and they'll look at you funny.

*Nix is nice if you like to "fiddle" all day long.
Windows is nice if you want to get some work done. (hence their share of the server and desktop markets).

nuff said.

PS:
I've run Fedora at home for years (have also tried most other distro's)
It's nice to play with (compiz) every now and then but when I need to work (or play games) it's back to good ol Windowz.

*Nix people who think it's "oh so great" are living in a dream world.
Skills or not.
:-)
 
> the terms "transparent bridge" and "content filtering" and "web caching" are not normally used together.
>
> if "content filtering" is running then the device is not really transparent.
> If "web caching" is enabled it means the client does not always get content from the source (he sometimes gets it from the cache) = also not transparent.
>
> ** a bridge is a hub/repeater & most "dumb" switches.
> ** content filtering & caching = features of firewalls/rules based/packet inspection devices.
>
> a "Checkpoint UTM device" will do nicely but they cost about R16K + R2K annually if you want them to manage it.
>
> something off the shelf: (free for 3 months I think?) Microsoft ISA Server 2006. (reporting can be customized)
>
> Microsoft ISA / TMG is nice in that they are "fire-and forget".
> Install it once and just look at the logs once a month.
>
> or get a Linux box and spend the rest of your life learning it and finding out why nobody has access.
> LOL.

Well, after a number of weeks of playing around and testing, while using a number of options in production, my conclusions are:

1. Astaro - is excellent, and would be my choice if it just was not limited in number of connections in the free edition. Reporting is VERY detailed which is what I was hoping for.
2. ISA2006/MS TMG2011 - I agree with bubbatentoe above... if you live in the MS world then transparent, content filtering and caching are not normally used together. ISA/TMG was the worst out of the lot when it came to what I wanted. No transparent mode and no detailed reporting. So I set up an extra route in my production system and installed a 3rd party for reporting details of my users to test... but it really didn't meet my requirements.
3. IPCOP - Great, with lots of plugins and upgrades... but this was a pain for a non linux person like me. Not as good as Untangle if I wanted something linux.
4. Smoothwall - Ok, but not as good and easy as Untangle.
5. ClearOS - Didn't get to use it much as I had some problems with installing for some reason... got frustrated and moved on.
6. Endian - Better than most imho. Though again, without wanting to sound like a stuck record... not as good as Untangle.
7. Zentyal - As Grep said above... average.

Personally I wish I could marry Untangle for ease of use and Astaro for its reporting.
I am finally now going to install PFsense 2 RC1.
 
> the terms "transparent bridge" and "content filtering" and "web caching" are not normally used together.
>
> if "content filtering" is running then the device is not really transparent.
> If "web caching" is enabled it means the client does not always get content from the source (he sometimes gets it from the cache) = also not transparent.
>
> ** a bridge is a hub/repeater & most "dumb" switches.
> ** content filtering & caching = features of firewalls/rules based/packet inspection devices.
>
> a "Checkpoint UTM device" will do nicely but they cost about R16K + R2K annually if you want them to manage it.
>
> something off the shelf: (free for 3 months I think?) Microsoft ISA Server 2006. (reporting can be customized)
>
> Microsoft ISA / TMG is nice in that they are "fire-and forget".
> Install it once and just look at the logs once a month.
>
> or get a Linux box and spend the rest of your life learning it and finding out why nobody has access.
> LOL.

CP web filtering sucks. Great firewall, crap web filtering.
How about a fortinet? It's cheap, has web filtering, spam filtering, ssl vpn and is a decent firewall


> Thanks for your thoughts Ponder.
> :-)
> The corporate world trusts Win because it's easy (out the box) and advanced skills aren't hard to come by (like *Nix skills).
> *Nix groups cannot even agree on a single thing (which turned out to be their downfall in the desktop market)
>
> Ask most people what "Red Hat, Suse or Fedora" is and they'll look at you funny.
>
> *Nix is nice if you like to "fiddle" all day long.

to sound like a broken record, only if you don't know what you are doing. Each platform has its own place in the market. Bashing one or the other simply means ignorance to its use.

> Windows is nice if you want to get some work done. (hence their share of the server and desktop markets).
>
> nuff said.

What kind of work? Ask a graphic designer / animator what kind of machine they would like to work on? Mainframes certainly don't run on windows either? Running syslogs or system monitoring tools I certainly wouldn't look at windows as my first choice....
IT and the OS's involved certainly are broader than just desktop users

> PS:
> I've run Fedora at home for years (have also tried most other distro's)
> It's nice to play with (compiz) every now and then but when I need to work (or play games) it's back to good ol Windowz.
>
> *Nix people who think it's "oh so great" are living in a dream world.
> Skills or not.
> :-)

I do think linux is great, and unix, and OSX and windows. Because they all have their place.
People who think that windows is the all in one complete solution for everything have a very closed off view of IT
 
@tau1z.
I actually use Cyberoam for my heart of the network. Unfortunately UTM's don't do everything, so when it came to the "other" things I required, I needed to look elsewhere. I did look at Fortinet products initially while I was looking at an "ultimate" UTM, but it failed on certain issues. Please understand the failing was not on it being a bad product or faulty, just it didn't do one aspect that the Cyberoam products handled. Anyway, coming back to my OP, I was hoping to find something to just add to my network with little fuss (hence the transparent bridge). I didn't really want to pay for something (had already done that with my Cyberoam), so that is why I started looking at open source options, and even the MS option is virtually free as I pay through a MS School Agreement anyway, so the cost for the TMG or ISA is very cheap.
 