Help

Web Content Filter

Sean_M_Harper
Contributor

Posted on ‎09-03-2014 06:43 PM

Hello everyone!

We bought an ASA with the CX web filtering module. It did not work well at all. The ASA firewall portion works fine (which we still use currently as our main Firewall). Cisco then had us try CWS, which does not scale well to our environment (due to our user count). Then, they lent us an Ironport WSA, which just died today (after 2 months...). We are beyond fed up, and have wasted much time trying these solutions. Like many of you, we are also dealing with school just starting this week.

Would anyone have any recommendations for ANY web filter that might work well for a large school district? We are talking about 13,000 - 14,000 users between 23 sites. Our internet bandwidth is currently 500mb. This solution would likely be able to handle up to a 1GB connection, as our bandwidth is likely to increase sooner than later.

Any input is extremely appreciated,

0 Kudos
5 REPLIES 5

blackholemac
Valued Contributor III

Posted on ‎09-03-2014 07:26 PM

Use,recommend and heard good things about Lightspeed

0 Kudos

CasperSally
Valued Contributor II

Posted on ‎09-04-2014 04:56 AM

We left lightspeed because of their lack of mac support a few years ago. It's, hopefully, gotten better since then. I believe most of our problems were with their home filtering product, so may not be relevant to you.

We absolutely suffered with iPrism (lack of mac support is an understatement). Don't waste your time with them.

We are now with iBoss and couldn't be happier. Their development for the product is in house and that's been key for us when we do find something not working like it should. They just released an update to allow you to report on Chromebook users (by google apps ID), if you happen to have those too.

0 Kudos

tron_jones
Release Candidate Programs Tester

Posted on ‎09-04-2014 06:05 AM

What issuse are you having with the CX module? Roughly the same amount of users and sites as you. Just got our ASA with CX installed and been up and running for a week now. Just curious to what you ran into with the CX module and ASA.

0 Kudos

qhle373
Contributor

Posted on ‎09-04-2014 10:19 AM

We use lightspeed. They made some improvements as far as sub link access as well so we can allow an instance of youtube through a trusted site whereas the youtube.com can remain blocked.

0 Kudos

Sean_M_Harper
Contributor

Posted on ‎09-10-2014 05:09 PM

According to Cisco: "The CX Project has been discontinued due to catastrophic failures in the way web filtering is handled. Due to several complete module crash bugs in several OS builds, the project is being dropped for the newly purchased SourceFire product. However, this will not be ready for production until at least next year at the earliest in a stable fashion".

Our Version: Our CX died, like 15 times.... They "tried" to assist by giving us "new" OS updates that would keep repairing our issues. Sadly, they became even worse and a few even removed the ability to set rules on the CX all together. Cisco then moved us into CWS for temp filtering, only to pull us off that service the second the realized how many user seats we support on a daily basis. Finally they moved us to a WSA IronPort box, which has been "exciting". If we were a large enterprise client, and not education, we would have been fine. However, its just not feasible to ask a 6 year old to domain authenticate themselves on login (and so on...). Lightspeed gave us a demo today, and it looks like a solid answer. Is it as in-depth? No. Does it do packet shaping? No. Does it work very well and flow like an EDU market needs? Yes. I am yet to see this box in full production, but as it appears, its going to be the answer.

Thanks to everyone for the feedback. @tron_jones: I would address the discontinued CX issue head on. Unless they intend to give you a SourceFire module later, you need to get in contact with someone who knows more about what we were told.

0 Kudos