Webfiltering - what do you use - assuming you do.
- 
 @johnhooks said: Bahahahaha, who the crap would pay that? I wonder how many companies actually look to see if tools like this can save money. That is a lot of productivity that they have to improve to justify cost like that. Sure they often lower risk (not backdoored ones, but in general) so there is savings there as well, but cost of acquisition, configuring the environment to use it, cost of lost access to needed resources (they always block something that you need), cost to run and power, labour, etc. It adds up. You have to pretty much generate the value of one or two whole new employees from that thing to justify buying one! 
- 
 That's basically $50K over a five year contract. And the chances that it will be fast enough to use five years from now will be maybe 50%. Plus whatever it cost to power, maintain, etc. That adds up quickly. 
- 
 @scottalanmiller said: @johnhooks said: Bahahahaha, who the crap would pay that? I wonder how many companies actually look to see if tools like this can save money. That is a lot of productivity that they have to improve to justify cost like that. Sure they often lower risk (not backdoored ones, but in general) so there is savings there as well, but cost of acquisition, configuring the environment to use it, cost of lost access to needed resources (they always block something that you need), cost to run and power, labour, etc. It adds up. You have to pretty much generate the value of one or two whole new employees from that thing to justify buying one! I only have experience with the Sophos UTM, but the web filtering was such a pain to set up. I mean, it was at least a day of configuring, and then there was always other junk that needed added later on that you didn't think of. 
- 
 @scottalanmiller said: That's basically $50K over a five year contract. And the chances that it will be fast enough to use five years from now will be maybe 50%. Plus whatever it cost to power, maintain, etc. That adds up quickly. On that note, Barracuda will give you a new one after you renew the "instant replacement" for the 4th time, so beginning of year 4, you could get a new unit for free. 
- 
 @Dashrender said: OK I was given another reason why they didn't want Facebook, at least on our office computers. you know.. the reasoning seems so off the wall, I just can't even write it. 
 lolYou can't do that and not tell us haha. 
- 
 @johnhooks said: I only have experience with the Sophos UTM, but the web filtering was such a pain to set up. I mean, it was at least a day of configuring, and then there was always other junk that needed added later on that you didn't think of. We had it in our SonicWall until I stopped paying for maintenance (also $2K+ a year) - it didn't take anywhere near 8 hours to setup, maybe it took 2 hours. Sure as new sites were incorrectly blocked you had to add them to a white list, but this is no different than a spam filter. In the three years we had the SonicWall, I only added 3 or 4 sites to the allow list. 
- 
 @Dashrender said: @johnhooks said: I only have experience with the Sophos UTM, but the web filtering was such a pain to set up. I mean, it was at least a day of configuring, and then there was always other junk that needed added later on that you didn't think of. We had it in our SonicWall until I stopped paying for maintenance (also $2K+ a year) - it didn't take anywhere near 8 hours to setup, maybe it took 2 hours. Sure as new sites were incorrectly blocked you had to add them to a white list, but this is no different than a spam filter. In the three years we had the SonicWall, I only added 3 or 4 sites to the allow list. One of our big pains was CrashPlan, the backup servers were all blocked by default and we had to add them one at a time as they came up. The other giant pain was getting certs set up and not having Chrome complain about them. It was a big mess. 
- 
 @johnhooks said: @Dashrender said: @johnhooks said: I only have experience with the Sophos UTM, but the web filtering was such a pain to set up. I mean, it was at least a day of configuring, and then there was always other junk that needed added later on that you didn't think of. We had it in our SonicWall until I stopped paying for maintenance (also $2K+ a year) - it didn't take anywhere near 8 hours to setup, maybe it took 2 hours. Sure as new sites were incorrectly blocked you had to add them to a white list, but this is no different than a spam filter. In the three years we had the SonicWall, I only added 3 or 4 sites to the allow list. One of our big pains was CrashPlan, the backup servers were all blocked by default and we had to add them one at a time as they came up. The other giant pain was getting certs set up and not having Chrome complain about them. It was a big mess. How did you handle doing a MITM on all of your users and not have chrome refuse to work for places like Google services? 
- 
 I used Watchguard XTM devices and loved them. 
- 
 @johnhooks said: @Dashrender said: OK I was given another reason why they didn't want Facebook, at least on our office computers. you know.. the reasoning seems so off the wall, I just can't even write it. 
 lolYou can't do that and not tell us haha. OH OK.. So someone created a location inside FB about our business. We've know about it for a few years, it was created in 2012 (back when everyone used to check in everywhere). Currently the location is owned/run by Facebook, not us. But we are able to take over that location since it is our business (we haven't done it yet). So sometime last week, a patient had a complaint, found this location and posted on the wall of that location. We had an employee who had also liked that location and became aware of the complaint while they were off the clock, but apparently in the building. This employee then told others (who were already on the clock) about it. A rukus ensued. So now, in the hopes of keeping animosity down we want to keep people off FB on company resources to try to cut down on the drama (well, at least talk about it). 
- 
 @Dashrender said: @johnhooks said: @Dashrender said: OK I was given another reason why they didn't want Facebook, at least on our office computers. you know.. the reasoning seems so off the wall, I just can't even write it. 
 lolYou can't do that and not tell us haha. OH OK.. So someone created a location inside FB about our business. We've know about it for a few years, it was created in 2012 (back when everyone used to check in everywhere). Currently the location is owned/run by Facebook, not us. But we are able to take over that location since it is our business (we haven't done it yet). So sometime last week, a patient had a complaint, found this location and posted on the wall of that location. We had an employee who had also liked that location and became aware of the complaint while they were off the clock, but apparently in the building. This employee then told others (who were already on the clock) about it. A rukus ensued. So now, in the hopes of keeping animosity down we want to keep people off FB on company resources to try to cut down on the drama (well, at least talk about it). You were correct, this is as silly as Monty Python's Camelot. 
- 
 @Dashrender said: So now, in the hopes of keeping animosity down we want to keep people off FB on company resources to try to cut down on the drama (well, at least talk about it). So wait... there was a customer on FB and instead of the reaction being "oh gosh, we had better monitor who is talking to us" the reaction is "we'd better block this so we can officially ignore them?" 
- 
 @scottalanmiller said: @Dashrender said: So now, in the hopes of keeping animosity down we want to keep people off FB on company resources to try to cut down on the drama (well, at least talk about it). So wait... there was a customer on FB and instead of the reaction being "oh gosh, we had better monitor who is talking to us" the reaction is "we'd better block this so we can officially ignore them?" LOL - the staff is who is being blocked, not the administration (or at least potentially). though in writing this, if I use JB's free easy to implement solution of creating a DNS entry for FB on my local DNS server, that would effectively block anyone inside my buildings from using it since they all use my DNS server, so even admins couldn't get there.... hmm... 
- 
 Yeah, that is what I was guessing. Full blocking. Sure people will see it on their phones, but makes responding to customer complaints rather difficult. 
- 
 @scottalanmiller said: Yeah, that is what I was guessing. Full blocking. Sure people will see it on their phones, but makes responding to customer complaints rather difficult. And really not appropriate from a business perspective (well, seems weird to require the assigned to mange users to be forced to use their phones instead of their desktop to manage it). 
- 
 Yeah, not ideal. 




