We use Websense Web Security Gateway. Have been for a number of years. It does great capturing port 80. However, to be able to resolve the 443 traffic, you have to run it through the Content Gateway product. There is a way to setup transparent proxy, but in our testing, you had to login whenever you opened a browser, and our users would balk at that. So we went with the explicit proxy, which is to set the proxy settings in the browsers. It is funny that you mention Palo Alto firewalls, as our Agency IT is bringing those into the Agency datacenter, and we will be looking at them as a possible enhancement/replacement.
> -----Original Message----- > From: [email protected] > [mailto:[email protected]] On Behalf Of Kurt Buff > Sent: Thursday, August 07, 2014 10:14 PM > To: [email protected] > Subject: Re: [NTSysADM] Pushing proxy for Firefox > > What is there about the proxy that you've implemented is so compelling? > > I ask, because we're just now implementing our PaloAlto firewalls, with URL > filtering and an IPS and other extra goodness, and it doesn't require any > proxy settings - the firewall is the proxy. > > I'm liking the all-in-one manageability - but your situation is likely > different > than ours... > > Kurt > > On Thu, Aug 7, 2014 at 9:19 PM, Heaton, Joseph@Wildlife > <[email protected]> wrote: > > We looked at setting up WPAD, and using our Websense Content Gateway > to publish the pac file, but that ended up being a major pain, so we went > GPO for IE/Chrome. The FirefoxADM and gpo tools are what I had found > earlier, and I had also read all the warnings about them not being kept up to > date with the new versions of Firefox. I'm going to look at these tools > tomorrow, and see what I can do. It may just come down to giving people > instructions on how to set their own proxy settings. Once this is pushed out > department-wide, we're going to block all outgoing traffic on ports 80 and > 443. If you're not going through the proxy, you don't get to the internet. > > > >> -----Original Message----- > >> From: [email protected] > >> [mailto:[email protected]] On Behalf Of Kurt Buff > >> Sent: Thursday, August 07, 2014 5:18 PM > >> To: [email protected] > >> Subject: Re: [NTSysADM] Pushing proxy for Firefox > >> > >> The usual answer for this is wpad and pac files - see this article for a > gotcha: > >> http://technet.microsoft.com/en-us/library/cc995158.aspx > >> > >> and this is an intro: > >> http://technet.microsoft.com/en-us/library/cc995261.aspx > >> > >> Unfortunately, Firefox doesn't understand setting proxies via DHCP - > >> a definite limitation... > >> > >> Kurt > >> > >> On Thu, Aug 7, 2014 at 8:36 AM, Heaton, Joseph@Wildlife > >> <[email protected]> wrote: > >> > Our organization is moving towards using a proxy for internet browsing. > >> > Trouble is, we allow multiple browsers (IE, Chrome and Firefox). > >> > Chrome is easy since it uses the settings from IE, and IE has GPO > >> > settings I > >> can use. > >> > But Firefox doesn’t. I’ve found a couple of tools on the internet, > >> > but was wondering if anyone here had hands-on experience doing this > >> > already, and had a preferred method they’d like to share. > >> > > >> > > >> > > >> > Thanks, > >> > > >> > > >> > > >> > Joe Heaton > >> > > >> > Enterprise Server Support > >> > > >> > Information Technology Operations Branch > >> > > >> > Data and Technology Division > >> > > >> > CA Department of Fish and Wildlife > >> > > >> > 1807 13th Street, Suite 201 > >> > > >> > Sacramento, CA 95811 > >> > > >> > Desk: (916) 323-1284 > >> > > >> > > >> > > >
