I am evaluating SurfControl Web Filter and I have found that this filter works only with Proxy enabled clients but I have the following problem.
I have a branch office that has direct access to the internet. It is also linked to the corporate network which has another access to internet. The ISA fw has 3 network interfaces: the external network (internet), the branch office LAN, and the corporate network.
People in the branch office can choose freely which link to internet to use. Now the choice can be made setting 2 different proxy servers: if they choose the ISA fw then the request is forwarded to the direct internet connection; if they choose the corporate proxy (which is outside the firewall), the corporate internet access is used.
My problem now is that those that choose the firewall proxy are correctly monitored by SurfControl, while those that choose the corporate proxy are ignored by it.
How can I solve the problem of having ALL people use the ISA proxy and still be able to let users choose the route to internet? (beside adding another firewall).
I think that would work if the ISA server were the one that would choose the route to Internet. What I want to accomplish is having the users choose which way to go. I am thinking of installing ISA server on an additional computer inside the branch office and configuring it using the "Single network adapter". This way I could use it as a proxy that routes requests to the corporate proxy. The users that want to access Internet through the ISP of the branch office will set their browser to use the firewall as a proxy; those who want to use the corporate access to Internet will set their browser to use this additional internal proxy.
Now I can run SurfControl on both ISA server machine and collect data from both.