At Chittenden East we have Sonicwall NSA routers at each building - at our high school we have the extra subscription for application level control/blocking, gateway antivirus, spyware, intrusion prevention, etc.  This works well for finding and blocking proxies (not only urls but actual applications like OpenDoor, Hotspot Shield, etc).

We use Bitdefender for our client antivirus (which also has content filtering but we are not using that part of it).

We use OpenDNS (enterprise version) for our content filtering.  We also block all outgoing DNS except our own which prevents anyone from just entering their own DNS settings to bypass it.  We have gone through a lot of different content filters through the years but DNS filtering offers the best performance by far.  It is also super easy to configure and install - no servers to maintain, cloud management, etc.

We use Aerohive access points which also firewall a lot of applications right at the access point which reduces a lot of unnecessary traffic.

Feel free to contact me off list if you need any specifics.


Jeff Wallis
Chief Network Engineer
Chittenden East Supervisory Union

On Tue, Apr 29, 2014 at 12:48 PM, Bryan Thompson <[log in to unmask]> wrote:
Winooski School District uses a Juniper firewall for the standard policies, and a Marshall 8e6 appliance for web filtering.


Please consider the environment before printing this email. 

Bryan Thompson
Technology Coordinator
Winooski School District
60 Normand Street
Winooski, VT 05404

On Fri, Apr 25, 2014 at 2:20 PM, Craig Donnan <[log in to unmask]> wrote:
Hi all again,

Interested now in who uses the following manufacturers for firewall/threat management - single firewall/threat platform for all the schools in your SU?


And does your threat management do antivirus with a client on the endpoint as well as on the gateway?  Because I think you need a client on each system to catch the USB threats and other local file threats, so you need some software installed locally.

And does your firewall/threat management device do content filtering well, or did you have to get separate appliances or services?

Is your firewall a software firewall (untangle example)  or hardware firewall (cisco ASA 5500 example)?



Craig Donnan, MA
Systems Administrator
Washington West Supervisory Union
340 Mad River Park, Suite 7
Waitsfield, VT 05673


Search the SCHOOL-IT Archive

Manage your Subscription to SCHOOL-IT


Search the SCHOOL-IT Archive

Manage your Subscription to SCHOOL-IT

This e-mail may contain information protected under the Family Educational Rights and Privacy Act (FERPA). If this e-mail contains student information and you are not entitled to access such information under FERPA, please notify the sender. Federal regulations require that you destroy this e-mail without reviewing it and you may not forward it to anyone. 


Search the SCHOOL-IT Archive

Manage your Subscription to SCHOOL-IT