Endian Internals

[Guest]

[endboy]

Hi,
  I currently manage a small companies network. Currently, I use a debian linux server with squid as proxy, iptables etc.
However, there are various things which I cannot do because of which I considering a custom firewall product like Endian.
   
I am able to do a lot of things with squid & iptables, but a few things seem difficult to achieve.

1) If I block facebook through their http url, people can still access https version of same URL because squid doesn't go through https traffic by default. However, if the users set the gateway IP address as proxy on their web browser, then https is also blocked. So I can do one thing - using iptables drop all outgoing 443 traffic, so that people are forced to set proxy on their browser in order to browse any HTTPS traffic. Can Endian offer a better solution than this?

2) Also if I want to block no of sites, I have enter all their URLs manually. Is there something Endian offers to ease this?

3) Block yahoo messenger, gtalk etc. There are so many ports on which these Instant Messenger softwares work. You need to drop lots of outgoing ports in iptables. However, new ports get added, so you have to keep adding them. And even if your list of ports is current, people can still use the web version of gtalk etc.

4) Blocking P2P. Does Endian do this? How?

So can current users of Endian tell me if Endian is suitable product for my needs?

[bernieL0max]

just a  of short responses...

1. If you wanted to filter all outgoing HTTP/HTTPS requests, and not require the proxy to be manually configured you would enable the Endian transparent proxy, and block direct outgoing requests on those ports.  I believe (and I may be wrong), that the content filter can then only block based on URL/IP from categorised sites and blacklists.

2. The Endian HTTP content filter is 'content aware', it can be configured to block based on categories, decided by a (configurable) combination of previously categorised sites, content, phrases and keywords, as well as custom blacklists and whitelists.

3. You need to disable Universal Plug and Play (UPnP), and/or the Internet Gateway Device protocol (IGD) on your router!

4. Your default outgoing rule should always be 'DENY'; only ports & services that you explicitly allowed should be allowed out... leaving apps that use random or unusual ports, such as P2P & Torrent unable to connect to servers/peers/seeds.  This will also improve when you disable UPnP/IGD.