I would suggest trying Sophos filtering appliance. I haven't tried all products, YMMV, etc. We did a 30 day trail of it, and the pricing came up much better than Cisco IronPort. It integrated with AD, started giving us complete per user breakdowns of sites visited. Easy enough to setup, no big complaints. Problem was after management understood that it tracked -everyone-, purchasing was not approved. So I can only mention our trial. We also were loathe to implement something that was capable of HTTPS MitM, as even if we didn't use the feature it makes that appliance a mighty juicy target. It does time scheduling of sites, but I don't know if it does bandwidth limiting per site.
I use PFsense 2.0 at all our sites currently, and while it doesn't have fine per-user control, its an excellent tool. Between QoS and hard Limiters (dummynet), I have bandwidth guarantees for internal traffic, phones, and specific Internet sites. Everything else is thrown into a non-critical bucket for standard browsing/streaming. (BSD Perimeter rocks and support is super cheap btw). On 11/04/2011 12:36 AM, Atom Powers wrote: > I currently have a OpenBSD/pf router, but PF doesn't give me the > ability to use wildcard domains, necessary for filtering Netflix, > Steam, and other content CDNs, or set QoS policies like "Group-A can > use up to 90% of the bandwidth, Group-B can use up to 50%, but > Service-N can't be more than 100Kb per user." > > I'm looking at Palo Alto Networks, the feature list on their site > doesn't look very promising but we'll see what the Sales Engineer > says. Barracuda doesn't have a single product that does content > filtering and bandwidth shaping. > > Any other suggestions? > > On Thu, Nov 3, 2011 at 9:14 PM, Ed <[email protected]> wrote: >> if you don't have time for pf/OpenBSD >> try pfsence >> http://www.pfsense.org/ >> >> >> On Thu, Nov 3, 2011 at 3:17 PM, Atom Powers <[email protected]> wrote: >>> Management is not-quite happy with our current Internet filter and has >>> asked me to look for a better product. Specifically, I'm looking for a >>> product that does more than just block URLs, something that >>> policy-based bandwidth shaping so that, for example, YouTube is >>> allowed but has a lower data rate than nasa.gov. Big points if it can >>> tie into LDAP and has bandwidth quotas per account. >>> >>> Normally I would build something out of open-source software, but I >>> already have too many projects on my hands and I need something >>> quickly. >>> >>> Any suggestions? What have you used? What would you recommend? >>> >>> -- >>> Perfection is just a word I use occasionally with mustard. >>> --Atom Powers-- >>> _______________________________________________ >>> Discuss mailing list >>> [email protected] >>> https://lists.lopsa.org/cgi-bin/mailman/listinfo/discuss >>> This list provided by the League of Professional System Administrators >>> http://lopsa.org/ >>> > > _______________________________________________ Discuss mailing list [email protected] https://lists.lopsa.org/cgi-bin/mailman/listinfo/discuss This list provided by the League of Professional System Administrators http://lopsa.org/
