A while ago I had the chance to review GFI Webmonitor, an ISA Server add-on that enhances significantly the possibilities for web access and download control. Now, GFI introduces a great and brand new option within web monitor possibilities: GFI WebMonitor version that does not require an ISA Server installation.

You can download the free 30-day trial here. And even more, once the trial expires, the software switches to freeware mode; where you maintain the monitor features but the security and access control are removed.

Differences with the ISA Server add-on version? None

The first thing I’ve started to wonder about this product is: It doesn’t require ISA Server, so which capabilities and features will be lost? Well I had a great surprise there, not only maintains all the features, but also there a few new ones.

GFI WebMonitor dashboard, same as the ISA add-on version

Reviewing New GFI WebMonitor

As you can see, the dashboard looks the same, but let’s take a closer look about the tool and find out a little bit more.

Installation Process

Same, again. As we’ve seen it in my previous post, the installation is a very simple and intuitive process; the same one is included here. In my environment I’ve installed GFI WebMonitor on a Windows Server 2008, working just as a member server in my lab environment.

At the end of the installation, you’ll get all the necessary hints to start working with GFI WebMonitor.

Based on my configuration, the simple proxy mode is selected

The last message: All that you actually need to configure your clients

Configuring Clients

With the last image, you’ve already had all the necessary information to configure your clients. Just configure your browser proxy server options.

Internet Explorer Proxy Server options

Remember that you can automatically configure these options using Group Policies in your domain. User Configuration > Windows Settings > Internet Explorer Maintenance > Connection > Proxy Settings

Group Policies: Proxy Server option for IE

Configuring the Server

Before start testing your clients with the proxy options, you should verify that the machine working as a proxy has the 8080 port open to receive connection from the clients.

Just add an exception in your firewall to allow traffic

You can also configure in your GFI WebMonitor a few more options related to the proxy settings: Authentications and chained options.

You can use anonymous, basic and integrated authentication for proxy clients

Chained Proxy: When you have a separate proxy or firewall in your network.

The rest of the configurations within GFI WebMonitor, you’ll find the exact same as my previous review:

– Statistics: Nice data parsing showing bandwidth consumption, sites history, users history. One of my favorites within this stats is the “top policy breakers”: users that more times have tried to access content prohibited by your policies.

– White and Black lists. The name isn’t that simple as the configuration needed to block websites and content.

Blacklisting facebook.com

And the clients will receive a message like this:

– Web Filtering Policies: All the policies defined here will allow you to manage access to certain sites and even pre defined categories to specific users, groups or even IP address. Including the time window in which each policy will apply. Pretty simple to configure and set.

– Security: This section represents one of the most powerful within this tool, you get the chance to configure Download Control Policies (which users can download what and when); IM Control Policies (allowing or blocking IM); and my favorite Virus Scanning.

All the content that is downloaded from the clients will be scanned with three different antivirus engines: BitDefender, Kaspersky and Norman antivirus; all of them with databases updated constantly.

Every time a user downloads a file, by default, the window that will appear:

And virus scanning, of course

And GFI WebMonitor also gives you the “Quarantine” section to analyze blocked downloaded content.

One of the new features introduced is the “Hidden Downloads” section. That show downloads which were unattended by users that could reveal malware or unwanted applications within the network.

More Resources and Troubleshooting

Installation and Configuration

– How can I exclude some websites from passing through the GFI WebMonitor proxy?

Troubleshooting

– Mozilla Firefox keeps asking for credentials repeatedly
– Integrated authentication fails with GFI WebMonitor 2009 Standalone Proxy
– Internet Explorer is unable to retrieve my new wpad.dat configuration

Conclusions

– This tool represents a great way to easily use and configure a proxy server in your network in just a few seconds. From the installation process to the web filtering policies, all of them represent very intuitive and simple processes; you don’t need expert knowledge in firewall or proxy servers.

– Removing the ISA Server requirement, you almost have no excuse to give it a try if you are concerned with your current bandwidth consumption and access control.

– The security section gives you a nice bonus and avoiding having viruses or malware within your network. You know the feeling, having just one negligent user can become in several work hours for your help desk department.

If you are considering implementing new security policies in your company, you should know that what people usually access every day on the web it is a significant matter.

Cheers!