Content filtering with granular settings
-
@dbeato said in Content filtering with granular settings:
@Pete-S said in Content filtering with granular settings:
What's the problem? Just put the workstation groups on different vlans and route their traffic differently. Block either in firewall, http proxy or dns.
Exactly what I am thinking even if it is Squid. @CCWTech what firewall do you have?
Unifi USG
-
@CCWTech said in Content filtering with granular settings:
@dbeato said in Content filtering with granular settings:
@Pete-S said in Content filtering with granular settings:
What's the problem? Just put the workstation groups on different vlans and route their traffic differently. Block either in firewall, http proxy or dns.
Exactly what I am thinking even if it is Squid. @CCWTech what firewall do you have?
Unifi USG
Gotcha, that does not do content filtering.
-
I think the Watchguard firewalls can do this, you can create policies per user or per computer with very granular content filtering (even for https connections)
-
@davide-bonavita said in Content filtering with granular settings:
I think the Watchguard firewalls can do this, you can create policies per user or per computer with very granular content filtering (even for https connections)
Watchguard purchased Strongarm.io (a competitor to Cisco Umbrella) to get this functionality.
-
@davide-bonavita said in Content filtering with granular settings:
I think the Watchguard firewalls can do this, you can create policies per user or per computer with very granular content filtering (even for https connections)
They do, but content filtering requires an additional yearly subscription to use it.
-
Even the Sophos XG Firewall do the content filtering decently well, not sure if they want to go that route but I am not a salesman.
-
@dbeato said in Content filtering with granular settings:
Even the Sophos XG Firewall do the content filtering decently well, not sure if they want to go that route but I am not a salesman.
I can't stand Sophos firewalls.... guess what they use at work.
No prizes.
-
@travisdh1 said in Content filtering with granular settings:
@dbeato said in Content filtering with granular settings:
Even the Sophos XG Firewall do the content filtering decently well, not sure if they want to go that route but I am not a salesman.
I can't stand Sophos firewalls.... guess what they use at work.
No prizes.
Yeeez, what can't you stand about them?
-
DNSFilter with Roaming Client deployment would work. It is one of their use cases: https://www.dnsfilter.com/blog/everything-you-need-to-know-about-roaming-clients/
-
@RojoLoco actually they require a subscription even to switch them on
-
@dbeato said in Content filtering with granular settings:
@travisdh1 said in Content filtering with granular settings:
@dbeato said in Content filtering with granular settings:
Even the Sophos XG Firewall do the content filtering decently well, not sure if they want to go that route but I am not a salesman.
I can't stand Sophos firewalls.... guess what they use at work.
No prizes.
Yeeez, what can't you stand about them?
The subscription, and the over-complication of settings by making everything objects instead of ip addresses and ports. Takes 5x to long finding what current settings are, let alone change something.
-
As far as Sophos goes.... my opinion is that the SG is a lot easier to navigate and set up than the XG. That being said - they both work well. You can download the XG software and try it out for free with full functionality.
-
DNSfilter.com, agent install.
-
We used to do with with an iPrism / edgewave / St Bernard appliance.
-
@travisdh1 said in Content filtering with granular settings:
@dbeato said in Content filtering with granular settings:
@travisdh1 said in Content filtering with granular settings:
@dbeato said in Content filtering with granular settings:
Even the Sophos XG Firewall do the content filtering decently well, not sure if they want to go that route but I am not a salesman.
I can't stand Sophos firewalls.... guess what they use at work.
No prizes.
Yeeez, what can't you stand about them?
The subscription, and the over-complication of settings by making everything objects instead of ip addresses and ports. Takes 5x to long finding what current settings are, let alone change something.
I actually like it. If you need to make a change, you can make the change on the object and the rules are already applied.