Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

  • Congratulations strongm on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Sonicwall Content filtering opinions

Status
Not open for further replies.
Oct 16, 2008
17
0
0
US
Hello,
We have a Sonicwall Pro 2040 Standard firewall. Currently have no content filtering in place, but would like to get Content Filtering Premium for Sonicwall. Looking for something <$2000, and since Sonicwall offers that license, thought it would be the best choice.

Does anyone have any advice on how well Sonicwall's version works? Just doing a quick Google search brings up ways to bypass it. I don't want to spend the money on something that can be bypassed easily.

I welcome any opinions on this topic. Thank you.
 
You don't mention the number of users or your bandwidth to the Internet so I'll make a few assumptions. I personally use Sonicwall products and while they offer that option as an add-on, I don't use it. I have used it in the past and if your looking for something very basic (and I do mean basic), it does an ok job. The main problem is that it proxys out to Sonicwall's servers for the list of sites that are blocked... yes there is some cache that gets built up on the local Sonicwall appliance, but it's not the same as having a hard drive and that drive get updated everyday with new information. They have gotten better in their new NSA line, but the technology is still the same.

Look for a dedicated appliance (tier 1) that will give you that granularity of control, then follow that up with opening a free account with OpenDNS.com (tier 2) for you outside DNS. They have content filtering at the DNS level that is great, but remember that since it's the DNS level, it's all or nothing, so blocking categories like porn, drugs, proxy bypass sites, etc... might be ok for everyone, but blocking gambling might stop someone from booking a room at a hotel in Vegas.

Then use your Sonicwall to only allow DNS requests out of your network for only your internal DNS server(s) which have OpenDNS's DNS IP addresses as their forwarders. This way your users can't use anything else but your DNS servers for resolution.
 
Status
Not open for further replies.

Part and Inventory Search

Sponsor

Back
Top