SonicWall NSA240: Good for web filtering?

insurebaltimore · April 16, 2010, 09:52:52 AM

It's time to renew our web content filtering license. Currently, we use SurfControl and pay roughly $2000/yr for a 100 user license.

SurfControl rides on top of Microsoft ISA as a proxy. At the time, it was the only way we could report by username instead of IP address (important for Citrix environments.)

I love Untangle. I'm a huge fan, but Management wants more granular reporting than Untangle can offer. So in my travels, I came across a SonicWall NSA240 for $1700/yr.

Does anyone have experience w/ this product, specifically reporting, that they could share?

Bloody Jack Kidd · April 16, 2010, 10:59:27 AM

what kind of reporting are you looking for?

who is going where?

insurebaltimore · April 16, 2010, 12:02:28 PM

Quote from: Rick Chisholm on April 16, 2010, 10:59:27 AM
what kind of reporting are you looking for?

who is going where?

Who is going where, how long were they there, etc.

I wanted to implement Untangle, but it couldn't tell me exactly how long a user was on a website. SurfControl can give me the duration of time.

We're very REACTIVE in our internet usage control, unfortunately. Rather than setup proper time allotments to eliminate the possibility of abuse, we leave it open. Thus, we need the forensic abilities to recreate a record of abuse.

It's unfortunate, but it is what it is. I've been pushing for time allotments for years.

Kenny Cruzan · June 16, 2010, 05:34:48 PM

Mark P. got me to try untangle out over a month ago and I love it. We had iprevision and left that for cymphonix (control bandwidth). We were forced to upgrade our hardware due to increased badwidth. got to love fiber! Anyway after looking at soniwall and some others we decided on Untangle. I was the only one running reports and even though it emailed me daily the reports that showed who went where and for how long, I never had time to read them. Now the untangle box emails me daily reports and I still don't read them. Every now and then when I got free time I will go through fast and see the top 10 abused sites and then add them to black list but that is about all I use it for.

Untangle is cheap, easy to setup, and very easy to use. Note: It still has problem with TS having one IP so it can't tell you who is doing it....

insurebaltimore · June 17, 2010, 10:35:55 AM

Quote from: Kenny Cruzan on June 16, 2010, 05:34:48 PM
It still has problem with TS having one IP so it can't tell you who is doing it....

You can purchase the AD Connector to take care of that, but I never bothered.

I'm really trying to push the proactive approach to content filtering. If you've successfully locked down your network, it doesn't matter whether or not you can tell who's abusing, b/c there won't be any abuse. It's simply not possible. IMO, reports should be used to tweak and verify your security policies, not as a "gotcha" for employees.

I only wish Untangle would allow for time policies (multiple racks) in the free version so that we could unblock certain sites at lunch time.

Jeff Zylstra · June 17, 2010, 11:03:49 AM

Quote from: insurebaltimore on June 17, 2010, 10:35:55 AM
I only wish Untangle would allow for time policies (multiple racks) in the free version so that we could unblock certain sites at lunch time.

I have a TZ210 Sonicwall, and you CAN unblock sites during lunch time with a different Content Filtering policy. My setup is based on a range of IP addresses. That works for me since I use static IP addresses, but may not work if you serve up IP addresses using DHCP. They also have a setup where you can assign rights to different users and groups, but you have to have users login to do this. I believe they use RADIUS to do this, but there are other options too. Maybe Active Directory integration or something, I haven't looked.

I know that Sonic Point reporting software is available. I tried to install it once on my fax server, but the install failed and I never investigated what it would take to fix it. Apparently it uses a syslog server somehow, so I might be able to implement that on a spare Linux server. Don't know how it all works, but I have looked at the very basics of it. I'm pretty sure that almost all of the SonicWall devices use the same operating system in their firewalls, and I DO use the "enhanced OS" version, so I'm guessing that the primary differences between the NSA240 and mine would be more and faster processors and the OS would be the same. Could be wrong on that, though.

insurebaltimore · June 18, 2010, 09:57:08 AM

The reporting software was the final nail in the coffin for not purchasing the NSA 240. The server side of the software needs to be installed on a server that does NOT have database software on it. Since the majority of my servers have some level of SQL engine on them (Fax Advantage, Backup Exec, etc.) I'd have to have yet another server (on top of the $1500 for the device) just to get the reporting that Untangle does out of the box.

Jeff Zylstra · June 18, 2010, 12:13:25 PM

SonicWall claims that it can coincide with other SQL based apps, but I didn't have luck trying to make it work with Fax @vantage so I just gave up on it.