I need the opinions of you guys/girls between them. Which is better, Linux’s Proxy server or Microsoft’s ISA Server.
I almost only need it for security, I am not to worried about cashing. I need to be able to control internet access (who gets it, and how much they get) and be able to see who used up the last 2GB of the ADSL cap on a network with about 20 PC’s. What has your experiences been on ease of administration, stability and security with costs not being the decisive factor?
I need a hones opinion about this matter and not another debate about Microsoft V.S. Linux.
Squid Proxy v.s. ISA Server
Squid Proxy v.s. ISA Server
Never argue with an idiot. They will drag you down to their level and beat you with experience…
Well one major diff is Microsoft you pay, Squid you dont.
I dont have much experiance with ISA but with Squid i have lots.
I belive in squid, the company i work for is international.
and we only run 2 Squid servers on a Round robin setup.
and those proxies just stay up.
Localy we use Smoothwall, but you actually pay for it.
If i were you use Endian Firewall its brilliant!
You can limit bandwih, set browsing hours + its a fire wall,
Its an ISO image so you burn it to CD then boot off it and it will install linux
and configure every thing for you, very easy.
And then you use a web browser to configure it. Ithink this is a new product. Made by a buch of italians, lucky you get the english ver.
For corperate support you have to buy it, but if you know your way arround you dont need support.
check it out.
http://www.endian.it/en/community/download/iso/
Sorry forgot to mention, it uses ip cop for the firewall part and Squid for the proxy part.
I dont have much experiance with ISA but with Squid i have lots.
I belive in squid, the company i work for is international.
and we only run 2 Squid servers on a Round robin setup.
and those proxies just stay up.
Localy we use Smoothwall, but you actually pay for it.
If i were you use Endian Firewall its brilliant!
You can limit bandwih, set browsing hours + its a fire wall,
Its an ISO image so you burn it to CD then boot off it and it will install linux
and configure every thing for you, very easy.
And then you use a web browser to configure it. Ithink this is a new product. Made by a buch of italians, lucky you get the english ver.
For corperate support you have to buy it, but if you know your way arround you dont need support.
check it out.
http://www.endian.it/en/community/download/iso/
Sorry forgot to mention, it uses ip cop for the firewall part and Squid for the proxy part.
Also check out a router board we use it as a firewall at our offices. A very cost effective solution, as well as VERY configurable. It can do most things any other firewall can do
My 2 Cents
The issue is more along the lines as to what is easier to support.
If you are looking for an out of the box solution try CensorNet. It is a linux distro with a configured Squid install. What makes it good for the enviroment you have described is that it has built in reports highlighting who went where, etc. it also allows you to ban mime types so you can ban MP3, AVI, etc.
Also it works with a 2 tier security model. You set the machines access to the net (e.g. web only) anyone logging on to the machine will only be able to use software that uses port 80.
It supports banned phrases as well as a whitelist and black list. Access schedules can be time dependant.
I've used it in mulitple areas and it has always worked well.
Supports built in security or an interface into a active directory, so you know exactly who did what.
Works as a firewall or a bridge.
It can be found at http://www.censornet.com/ there is a free version and a subscription based one that auto updates the blacklist.
You could also look at IPCOP with the Squid stuff, but, the reports are not as good.
If you are looking for an out of the box solution try CensorNet. It is a linux distro with a configured Squid install. What makes it good for the enviroment you have described is that it has built in reports highlighting who went where, etc. it also allows you to ban mime types so you can ban MP3, AVI, etc.
Also it works with a 2 tier security model. You set the machines access to the net (e.g. web only) anyone logging on to the machine will only be able to use software that uses port 80.
It supports banned phrases as well as a whitelist and black list. Access schedules can be time dependant.
I've used it in mulitple areas and it has always worked well.
Supports built in security or an interface into a active directory, so you know exactly who did what.
Works as a firewall or a bridge.
It can be found at http://www.censornet.com/ there is a free version and a subscription based one that auto updates the blacklist.
You could also look at IPCOP with the Squid stuff, but, the reports are not as good.