Page 1 of 2 12 LastLast
Results 1 to 10 of 12

Thread: ISA Server Alternative

  1. #1

    ISA Server Alternative

    I posted a question quite some time ago asking if anyone had knowledge of an open source ISA Server alternative. Someone pointed out Censornet which is an incredible product with one issue that presents a major problem in my situation.
    I need to be able to drop a solution in that offers the logging capabilities of ISA on a per user basis (Win 2K domain), but at the same time, I can't have my users prompted to logon every time that they open their browsers. Currently, this isn't offered by Censornet.
    Does anyone know of an alternative (free of course!) that would offer this sort of capability?
    And please don't get me wrong, I'm not knocking Censornet at all. It's an AWESOME product, but it's just not offering the functionality I need at the moment.

  2. #2
    Senior Member
    Join Date
    Apr 2004
    Posts
    1,130
    You can do it thru Squid (on a linux box) using samba interface.
    However, I will suggest you (although you didnt ask for advices)
    - Dont set your proxy to automatically accept requests from client based on domain/station security. (or save passwords neither)
    - I faced a serious security problem when working on a large American company (tire company ).
    - Softwares that want to connect (like a spyware) to their home site can do it freely if you dont ask everytime the user identification
    - So all proxies on that company AFTER the incident were set to "ask everytime" when you try to establish a session

    just a bad experience
    Meu sítio

    FORMAT C: Yes ...Yes??? ...Nooooo!!! ^C ^C ^C ^C ^C
    If I die before I sleep, I pray the Lord my soul to encrypt.
    If I die before I wake, I pray the Lord my soul to brake.

  3. #3
    Senior Member
    Join Date
    Mar 2004
    Location
    Colorado
    Posts
    421
    WOW, thats a lot to ask of free software.

    ISA server is pretty complex ( in all of its goodness and bad).

    I'm afraid that for free, you might have to glue together several packages or roll your own.

  4. #4
    cacosapo: i welcome any advice you guys can throw my way. it's all appreciated
    squid's cool and it does offer a lot, but i'm a *nix noob and strapped for time if you know what i mean. i don't know if samba is something i can pick up reasonably quick without a step-by-step guide. thanks for the advice though
    ss2chef: i agree completely that it's a lot to ask. do you know packages could be used? i know squid would definitely be a part of the solution...

  5. #5
    Senior Member
    Join Date
    Mar 2004
    Location
    Colorado
    Posts
    421
    Can you tell me how you use ISA server now...If you do at all?

    Better yet, describe what problems you are trying to resolve specifically...

  6. #6
    OK, here goes...
    We're using ISA for logging and to prevent access to unauthorized websites (people here have some sort of strange addiction to farts.com...) log web usage on a per user basis (win2k domain) and to block various apps from getting outside (AIM, Kazaa). Our ISP administers our PIX so it allows us a bit of control without having to contact them. Obviously, we're not using it for it's fully intended purpose-- more of a web proxy than anything else.
    Blocking sites isn't so much of a necessity as tracking someone's web usages (for legal reasons obviously). I have to have the ability to log a user's web usage while not having them submit login information every time that they open up their browsers-- the way that ISA currently does.
    Censornet is cool in that it allows that you to log the info, but no so cool in the respect that it makes the user log in each time the start a browser up.
    Appreciate your help

  7. #7
    AO Decepticon CXGJarrod's Avatar
    Join Date
    Jul 2002
    Posts
    2,038
    Originally posted here by infernon
    OK, here goes...
    We're using ISA for logging and to prevent access to unauthorized websites (people here have some sort of strange addiction to farts.com...) log web usage on a per user basis (win2k domain) and to block various apps from getting outside (AIM, Kazaa). Our ISP administers our PIX so it allows us a bit of control without having to contact them. Obviously, we're not using it for it's fully intended purpose-- more of a web proxy than anything else.
    Blocking sites isn't so much of a necessity as tracking someone's web usages (for legal reasons obviously). I have to have the ability to log a user's web usage while not having them submit login information every time that they open up their browsers-- the way that ISA currently does.
    Censornet is cool in that it allows that you to log the info, but no so cool in the respect that it makes the user log in each time the start a browser up.
    Appreciate your help
    So basically you want a product exactly like ISA server, but free? Is that what you are trying to do? If you are crunched for time and cannot learn linux for an open source solution, then I suggest you stick with ISA. Are you using the software firewall built into the ISA server? If not, you may want to check out one of the many proxy server products out there.
    N00b> STFU i r teh 1337 (english: You must be mistaken, good sir or madam. I believe myself to be quite a good player. On an unrelated matter, I also apparently enjoy math.)

  8. #8
    not necessarily not willing, but looking for something easy to configure if possible. should'nt have worded that they way that i did above.
    if you have any solutions for open source packages, i'm definitely open to them.

  9. #9
    AO Decepticon CXGJarrod's Avatar
    Join Date
    Jul 2002
    Posts
    2,038
    Originally posted here by infernon
    not necessarily not willing, but looking for something easy to configure if possible. should'nt have worded that they way that i did above.
    if you have any solutions for open source packages, i'm definitely open to them.
    Well I have found many open source stuff that I liked, but most of the time it takes a little more time to learn than the average Windows point and click tool. Personally we use ISA server here because I thought it was easy to setup, (install and then open access by creating deny and allow rules) and it works great with Win2k server. So I guess I am a bit bias. I will look around for some alternatives.
    N00b> STFU i r teh 1337 (english: You must be mistaken, good sir or madam. I believe myself to be quite a good player. On an unrelated matter, I also apparently enjoy math.)

  10. #10
    Senior Member
    Join Date
    Mar 2004
    Location
    Colorado
    Posts
    421
    Checkout smoothwall from smoothwall.org to play with. It has some good features. And it's free!!


    You say you have a PIX....Good.

    Install a good syslog daemon. I like Kiwi....Its free and win32
    http://www.kiwisyslog.com/

    Place the machince on the network where your PIX can forward syslog messages to it.

    Have your ISP tell your PIX to forward syslog messages to the new syslog server.
    Make sure the logging level is at least "notifications"

    This will send outgoing webrequests to the syslog server.

    You can import the syslog file into EXCEL at anytime and review web browsing activity by sorting for that field.

    Worth a try with what you have anyway..

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •