• RSS
  • Twitter
  • FaceBook

Welcome to ISAserver.org

Forums | Register | Login | My Profile | Inbox | RSS RSS icon | My Subscription | My Forums | Address Book | Member List | Search | FAQ | Ticket List | Log Out

SurfControl Mobile Filter

Users viewing this topic: none

Logged in as: Guest
  Printable Version
All Forums >> [ISA Server 2004 Misc.] >> 3rd Party Add-ons >> SurfControl Mobile Filter Page: [1]
Login
Message << Older Topic   Newer Topic >>
SurfControl Mobile Filter - 5.May2006 9:35:19 AM   
bctgroup

 

Posts: 34
Joined: 29.Nov.2005
From: Paul Welsh
Status: offline
Hi all
 
We run ISA 2004 with SurfControl for ISA v5 on Windows 2003.
 
I'm about to test the Mobile Filter module for SurfControl.  It's an interesting product.  It's designed to enforce SurfControl policies on laptop and other remote users.  I thought it kept a copy of the SurfControl policies locally and updated these over the VPN or LAN, but that's not how it works.  What it does is to check back in real time with the Mobile Filter server each time the user tries to access a web site. 
 Pros- Inexpensive at about 200 for 25 users.- Claims to be tamper-proof and would be transparent to the end-user.- Allows lapotp users to use their own Internet connection rather than have to use bandwidth by connecting to the office via VPN and browsing the web that way. 
Cons- Requires a dedicated server to be placed on the DMZ (http://www.surfcontrol.com/uploadedfiles/Mobile_Filter_Deployment_and_Best_Practices_Guide.pdf) so the product's cost is dwarfed by the expense of buying and licensing a new server.- Firewall rules would have to be implemented allowing the Mobile Filter server to communicate with the SurfControl SQL database on the ISA server and with Active Directory. 
Has anyone tried out this product? 
 
Anyone not using a DMZ?  I ask because we host a couple of web sites and don't have a DMZ.  It's the Swiss cheese argument.
 
Regards
 
Paul
Post #: 1
RE: SurfControl Mobile Filter - 11.May2006 2:20:41 AM   
Jason Jones

 

Posts: 4663
Joined: 30.Jul.2002
From: United Kingdom
Status: offline
Yeah works well...

It is not necessary to put the mobile filter in the DMZ, as you can publish it using ISA web publishing and appropriate paths/HTTP filters for better security. I have a customer doing this just fine

SurfControl dont seem to understand the concept of reverse proxying and hence just mention DMZ

JJ

_____________________________

Jason Jones | Forefront MVP | Silversands Ltd
My Blogs: http://blog.msedge.org.uk/ and http://blog.msfirewall.org.uk/

(in reply to bctgroup)
Post #: 2
RE: SurfControl Mobile Filter - 11.May2006 11:49:20 AM   
bctgroup

 

Posts: 34
Joined: 29.Nov.2005
From: Paul Welsh
Status: offline
quote:

ORIGINAL: Jason Jones

It is not necessary to put the mobile filter in the DMZ, as you can publish it using ISA web publishing and appropriate paths/HTTP filters for better security. I have a customer doing this just fine  


Yes, when I came to install the product I noted that all that was required was to have port 80 access to the server hosting the mobile filter.  No need to put the server in the DMZ at least for test purposes.

I think what will decide me on this one is whether the mobile filter server can integrate with the ISA server filter.  I got the distinct impression that user access would be logged to a central database on the ISA server, but I've had no joy pointing the mobile filter server to the ISA server db.

If the mobile filter ends up as a stand alone product then there's a stronger case to put it in a DMZ.  The thing is, in order to check user permissions etc it has to access Active Directory.  If it's on a DMZ that means putting another hole in the firewall. 

(in reply to Jason Jones)
Post #: 3

Page:   [1] << Older Topic    Newer Topic >>
All Forums >> [ISA Server 2004 Misc.] >> 3rd Party Add-ons >> SurfControl Mobile Filter Page: [1]
Jump to:

New Messages No New Messages
Hot Topic w/ New Messages Hot Topic w/o New Messages
Locked w/ New Messages Locked w/o New Messages
 Post New Thread
 Reply to Message
 Post New Poll
 Submit Vote
 Delete My Own Post
 Delete My Own Thread
 Rate Posts