Webfiltering - what do you use - assuming you do.

stacksofplates

@Dashrender said:

@johnhooks said:

I only have experience with the Sophos UTM, but the web filtering was such a pain to set up. I mean, it was at least a day of configuring, and then there was always other junk that needed added later on that you didn't think of.

We had it in our SonicWall until I stopped paying for maintenance (also $2K+ a year) - it didn't take anywhere near 8 hours to setup, maybe it took 2 hours.

Sure as new sites were incorrectly blocked you had to add them to a white list, but this is no different than a spam filter.

In the three years we had the SonicWall, I only added 3 or 4 sites to the allow list.

One of our big pains was CrashPlan, the backup servers were all blocked by default and we had to add them one at a time as they came up. The other giant pain was getting certs set up and not having Chrome complain about them. It was a big mess.

Dashrender

@johnhooks said:

@Dashrender said:

@johnhooks said:

I only have experience with the Sophos UTM, but the web filtering was such a pain to set up. I mean, it was at least a day of configuring, and then there was always other junk that needed added later on that you didn't think of.

We had it in our SonicWall until I stopped paying for maintenance (also $2K+ a year) - it didn't take anywhere near 8 hours to setup, maybe it took 2 hours.

Sure as new sites were incorrectly blocked you had to add them to a white list, but this is no different than a spam filter.

In the three years we had the SonicWall, I only added 3 or 4 sites to the allow list.

One of our big pains was CrashPlan, the backup servers were all blocked by default and we had to add them one at a time as they came up. The other giant pain was getting certs set up and not having Chrome complain about them. It was a big mess.

How did you handle doing a MITM on all of your users and not have chrome refuse to work for places like Google services?

s.hackleman

I used Watchguard XTM devices and loved them.

Dashrender

@johnhooks said:

@Dashrender said:

OK I was given another reason why they didn't want Facebook, at least on our office computers.

you know.. the reasoning seems so off the wall, I just can't even write it.
lol

You can't do that and not tell us haha.

OH OK..

So someone created a location inside FB about our business. We've know about it for a few years, it was created in 2012 (back when everyone used to check in everywhere). Currently the location is owned/run by Facebook, not us. But we are able to take over that location since it is our business (we haven't done it yet).

So sometime last week, a patient had a complaint, found this location and posted on the wall of that location. We had an employee who had also liked that location and became aware of the complaint while they were off the clock, but apparently in the building. This employee then told others (who were already on the clock) about it. A rukus ensued.

So now, in the hopes of keeping animosity down we want to keep people off FB on company resources to try to cut down on the drama (well, at least talk about it).

travisdh1

@Dashrender said:

@johnhooks said:

@Dashrender said:

OK I was given another reason why they didn't want Facebook, at least on our office computers.

you know.. the reasoning seems so off the wall, I just can't even write it.
lol

You can't do that and not tell us haha.

OH OK..

So someone created a location inside FB about our business. We've know about it for a few years, it was created in 2012 (back when everyone used to check in everywhere). Currently the location is owned/run by Facebook, not us. But we are able to take over that location since it is our business (we haven't done it yet).

So sometime last week, a patient had a complaint, found this location and posted on the wall of that location. We had an employee who had also liked that location and became aware of the complaint while they were off the clock, but apparently in the building. This employee then told others (who were already on the clock) about it. A rukus ensued.

So now, in the hopes of keeping animosity down we want to keep people off FB on company resources to try to cut down on the drama (well, at least talk about it).

You were correct, this is as silly as Monty Python's Camelot.

scottalanmiller

@Dashrender said:

So now, in the hopes of keeping animosity down we want to keep people off FB on company resources to try to cut down on the drama (well, at least talk about it).

So wait... there was a customer on FB and instead of the reaction being "oh gosh, we had better monitor who is talking to us" the reaction is "we'd better block this so we can officially ignore them?"

Dashrender

@scottalanmiller said:

@Dashrender said:

So now, in the hopes of keeping animosity down we want to keep people off FB on company resources to try to cut down on the drama (well, at least talk about it).

So wait... there was a customer on FB and instead of the reaction being "oh gosh, we had better monitor who is talking to us" the reaction is "we'd better block this so we can officially ignore them?"

LOL - the staff is who is being blocked, not the administration (or at least potentially). though in writing this, if I use JB's free easy to implement solution of creating a DNS entry for FB on my local DNS server, that would effectively block anyone inside my buildings from using it since they all use my DNS server, so even admins couldn't get there.... hmm...

scottalanmiller

Yeah, that is what I was guessing. Full blocking. Sure people will see it on their phones, but makes responding to customer complaints rather difficult.

Dashrender

@scottalanmiller said:

Yeah, that is what I was guessing. Full blocking. Sure people will see it on their phones, but makes responding to customer complaints rather difficult.

And really not appropriate from a business perspective (well, seems weird to require the assigned to mange users to be forced to use their phones instead of their desktop to manage it).

scottalanmiller

Yeah, not ideal.