At Chittenden East we have Sonicwall NSA routers at each building - at our
high school we have the extra subscription for application level
control/blocking, gateway antivirus, spyware, intrusion prevention, etc.
 This works well for finding and blocking proxies (not only urls but actual
applications like OpenDoor, Hotspot Shield, etc).

We use Bitdefender for our client antivirus (which also has content
filtering but we are not using that part of it).

We use OpenDNS (enterprise version) for our content filtering.  We also
block all outgoing DNS except our own which prevents anyone from just
entering their own DNS settings to bypass it.  We have gone through a lot
of different content filters through the years but DNS filtering offers the
best performance by far.  It is also super easy to configure and install -
no servers to maintain, cloud management, etc.

We use Aerohive access points which also firewall a lot of applications
right at the access point which reduces a lot of unnecessary traffic.

Feel free to contact me off list if you need any specifics.


Jeff Wallis
Chief Network Engineer
Chittenden East Supervisory Union

On Tue, Apr 29, 2014 at 12:48 PM, Bryan Thompson <
[log in to unmask]> wrote:

> Winooski School District uses a Juniper firewall for the standard
> policies, and a Marshall 8e6 appliance for web filtering.
> Bryan
> ---
> ♻ Please consider the environment before printing this email. ♻
> Bryan Thompson
> Technology Coordinator
> Winooski School District
> 60 Normand Street
> Winooski, VT 05404
> 802-655-2555
> On Fri, Apr 25, 2014 at 2:20 PM, Craig Donnan <[log in to unmask]> wrote:
>> Hi all again,
>> Interested now in who uses the following manufacturers for
>> firewall/threat management - single firewall/threat platform for all the
>> schools in your SU?
>>  Cisco
>> Juniper
>> Untangle
>> Sophos
>> Sonicwall
>> Other:
>> And does your threat management do antivirus with a client on the
>> endpoint as well as on the gateway?  Because I think you need a client on
>> each system to catch the USB threats and other local file threats, so you
>> need some software installed locally.
>> And does your firewall/threat management device do content filtering
>> well, or did you have to get separate appliances or services?
>> Is your firewall a software firewall (untangle example)  or hardware
>> firewall (cisco ASA 5500 example)?
>> Thanks.
>> Craig
>> Craig Donnan, MA
>> Systems Administrator
>> Washington West Supervisory Union
>> 340 Mad River Park, Suite 7
>>  Waitsfield, VT 05673
>> 802-496-2272 x120
>> fax: 802-496-6515
>>  -----------------------------------------------------------------------
>> Search <> the SCHOOL-IT
>> Archive
>> Manage <> your
>> Subscription to SCHOOL-IT
> -----------------------------------------------------------------------
> Search <> the SCHOOL-IT Archive
> Manage <> your
> Subscription to SCHOOL-IT


This e-mail may contain information protected under the Family Educational 
Rights and Privacy Act (FERPA). If this e-mail contains student information 
and you are not entitled to access such information under FERPA, please 
notify the sender. Federal regulations require that you destroy this e-mail 
without reviewing it and you may not forward it to anyone.