SurfControl Web Filter Appliance review
SurfControl’s latest family of web-filtering solutions may be appliances, but they differ from the mainstream as they’re endowed with Microsoft’s Windows Server 2003 R2 and its ISA Server 2006.
Installation starts at the front panel of the appliance, as it’s delivered with everything locked down. Using the LCD and wheel, you enter the LAN, WAN and DMZ IP addresses as required and then define those systems that are allowed to manage the appliance. Now you can access it remotely via a browser, where you get the standard ISA 2006 web management interface, but with an extra tab for the SurfControl components. You can add a monitor plus USB keyboard and mouse for local access; and we prefer local contact or access via RDP as, although the web interface is easy to navigate, it can become cluttered.
The ISA server needs to be configured and comes with templates for different deployment scenarios, and we opted for the straightforward edge firewall template. Next, you associate the internal adapter with the LAN subnet ranges, choose a base firewall policy and activate it. SurfControl then has to be activated using a quick-start wizard. We were able to leave it mainly on defaults, after which it downloads the master database in about 15 minutes.
The SurfControl tab then changes to include options for threat management, which allow you to create access rules, view reports and load a real-time monitor showing blocking actions and who they’ve been applied to. The Web Filter Manager lets you add other SurfControl collection servers and databases, but in this scenario you’re more likely to be using only the local server.
Rules control access and a small selection is provided to get you going, although we found them easy to create using the wizard. The rule administration screen is easy to use. You decide whether a rule will allow or deny access or use an allowance – a feature that limits users to a certain amount of internet time or controls the amount of data they can download for that category. And there’s plenty of choice, as SurfControl provides around 55 web-content categories – not as many as Websense Express, but certainly more than most.
You can apply rules to any network object, and this includes specific users and workstations plus AD domain groups and members or custom lists. Bandwidth controls can be applied to each allow rule, where you select one of five priorities to web traffic. Blocking rules can have a custom notification web page applied and you can send email notifications to multiple addresses when a rule is activated. As for what you want to filter, along with HTTP, HTTPS and FTP, you can select ports, protocols, subnets and file types.
The SurfControl Web Filter Appliance isn’t as easy to install and configure as many Linux-based solutions, but it provides plenty of sophisticated access controls. We found the category database very accurate, but smaller businesses will find this a pricey alternative.