Erick. If I understand the issue has an embedded video from, that you want to play.   

First you must understand that Untangle's content filter is not designed to compete with Iprisum and N2h2, however with the addition of eSoft they now offer a commercial list of bad sites.  Untangle is designed to be an everything product with VPN, Spam filtering, Antivirus (pipe only), Firewall, file/rdp access portal & others, whereas Iprisum is designed for only for web filtering.  

I personally have a very open policy and have made it known that teachers must monitor their students, and relying on the content filter is not good practice.   

As for enableing/disableing video.  Untangle has something called protocol control which allows you to block/pass all types of protocols like IM, Video Streaming, p2p, and more.  You are also able to customize these settings per person.   Untangle doesn't yet have a bypass by username and password (it is one of the top features they are working on) , however in your policieys you can have give your staff the option to click a button that will bypass the filter, at which time it will be logged as a bypass, and I think even email you. 

Bryant and I did a demonstration of Untangle at the last FOSSED converence.  I am sure we can work out a shorter one for FOSSVT. 


p.s. I have been able to get a computer to do anything except make me a better speller. 

----- Original Message ----- 
From: "Eric Hall" <[log in to unmask]> 
To: [log in to unmask] 
Sent: Saturday, December 20, 2008 8:33:17 PM GMT -05:00 US/Canada Eastern 
Subject: Re: Untangle gateway 

Since Vince has opened the ol’ filtering can-o-worms, here’s my response & additional question: 

We continue to use iPrism, and I am still (mostly) satisfied. It does integrate with Active Directory, although we have not yet implemented that piece (soon to come) and have always filtered by IP. Since staff have the ability to override, this has not been too much of an issue. The appliance offers ease of use, config and access as well as good reporting (if necessary) and a sufficient diversity of categories to turn off/on/monitor as well as the ability to block IM/P2P ports and proxies. 

The drawbacks that are starting to annoy: since we rely on “review” by St. Bernard, anything not reviewed (new sites, small & obscure sites, our own sites, local sites, etc) is rated “other” and by necessity we have that closed. This means building a whitelist of unrated sites we want access to. The more infuriating issue lately is the proliferation of video sites that stream from anonymous servers (caching with Google, Akamia, or their own secondary server by IP). While it is easy to either whitelist or override to get to the “gateway” sites, I have had many circumstances where the only way to get their content is to drop the filter completely. A quick look at Netstat tells me where it is coming from, but many of these services (CBS News, for instance) stream from a variety of servers at different times – load balancing, I imagine. The word-cloud tool “Wordle” gave me similar issues: java content coming from Google’s servers, but different ones at different times of day. 

How do Untangle and others handle this? Are other folks having similar issues? 



on 12/20/08 4:56 PM, Vincent Rossano wrote: 

Sorry list folks, my last message was intended for Bryant Patten, not the list-at-large.  However,  I wouldn't mind opening up the ol' filtration frustration discussion again.  Anybody else have any advice as to what we might look at that would allow us to filter by user login? 


>>> On 12/20/2008 at 4:48 PM, Vincent Rossano < [log in to unmask] > wrote: 
> Bryant, 
> A couple of months ago, I posted a message looking for info on Untangle.   
> You seem to have been the one recommended as most knowledgeable.  We were, at 
> that time, just getting an Untangle server up and running and were having 
> some success with it, but we needed more granular filtering than the free 
> version would allow. For the last month or so, we've been running an 
> evaluation of 8e6's product: IR3000.  It looked extremely promising but has, 
> in practice, been clumsy in handling Mac filtering.   
> Anyway, my short-version question is this:  can Untangle - in any version - 
> filter by authentication? 
> Elaboration:  We cannot effectively filter by IP address because many of our 
> computers are shared by faculty and students.  What we had hoped to do was 
> have the filter identify people via LDAP and have their filter level be based 
> on their status (e.g., student, staff, faculty).  8e6 was able to do this, 
> but - on the Macs - only with an annoying separate login routine each time they 
> opened a browser.  The Mac folks haven't been happy with this - though we 
> might be able to continue with this aggravation if necessary, but I can't see 
> paying big (for us) bucks to 8e6 when perhaps we could achieve the same 
> annoyance level for much less money. :-) 
> Back to the shorter question: can Untangle meet our needs? 
> Thanks for any help you can offer. 
> -Vince