Web policy routes tie everything together by assigning filtering decisions to selected targets. Earlier versions of MIMEsweeper for Web could only define targets with machine lists which use IP addresses, ranges and hostname definitions. We defined our target network using an IP address range with wildcard but Active Directory is now supported so you can define LDAP servers and apply filtering policies to your AD users and groups. A feature we were expecting to see in this version was policy route scheduling but Clearswift advised that this will not be available until the next release.
Clearswift's policies are very flexible as you can also add conditions to each policy route where traffic can be allowed unless a triggering action occurs. We had a few minor problems blocking social networking sites and had to use trial and error for many. For example, FaceBook and MySpace both come under the Personal Web Sites category whereas YouTube is classed only as a Streaming Media site. It would be handy if there was an option to enter a URL in the console and just see how Clearswift categorises it making it easier to create policy routes.
Clearswift also offers its MimeSweeper for SMTP appliances and a key feature is the ability to manage them both from one console. Once you've added the mail appliance as a peer, or visa-versa, you then get all web and mail policy routes, SpamLogic options and all associated settings available from one console.
When a user attempts to access a blocked site you can send them a customised warning web page with the company logo and suitably strongly worded advisory messages. For each policy you can decide who should be notified when transgressions occur and this is where Informs come in as these define email addresses and policies can contain multiple Informs. The System Center provides access to general appliance configuration and offers a slick health page with graphs on system utilisation, threat rates and bandwidth usage along with the status of all automatic updates to the anti-virus and anti-spyware engines and URL database.
Reporting is a strong feature which provides a range of predefined reports that can be easily customised to suit. You can, for example, see who has been visiting spyware sites, check out the most popular sites, monitor which ones are generated the most network traffic and keep up to date with policy actions. The results can be viewed in a web page, exported to PDF or CSV formats and emailed to a selected user. You can also control administrative access to the appliance via the User Center where you create new users and decide what functions they are allowed to use.
Clearswift's policy based security offers a strong set of web content filtering features and support for LDAP means they can now be applied to users rather than just physical systems. Once you get the hang of the relationship of each component in the policy routes they are easy enough to configure and we found them to be very versatile.
Verdict
Clearswift delivers strong web content filtering with an easily deployed appliance based solution. The use of rules and routes allows for tough policy based access controls and although policy scheduling has still yet to be implemented the ENW looks capable of enforcing a wide range of AUPs in the workplace.
Chassis: Dell PowerEdge 1950 1U rack server
CPU: 2 x 2.33GHz Xeon E5410
Memory: 2GB 667MHz FB-DIMM
Storage: 3 x 146GB SAS hard disks in RAID-5
RAID: Dell PERC 5/i controller
Network: 2 x Gigabit Ethernet
Power: Dual hot-swap 670W supplies
Management: Web browser
Dave is an IT consultant and freelance journalist specialising in hands-on reviews of computer networking products covering all market sectors from small businesses to enterprises. Founder of Binary Testing Ltd – the UK’s premier independent network testing laboratory - Dave has over 45 years of experience in the IT industry.
Dave has produced many thousands of in-depth business networking product reviews from his lab which have been reproduced globally. Writing for ITPro and its sister title, PC Pro, he covers all areas of business IT infrastructure, including servers, storage, network security, data protection, cloud, infrastructure and services.