GFI, a longstanding 4sysops sponsor, has a very generous offer for our readers. You have the chance to win a GFI WebMonitor 2009 license for 500 clients that is worth 8,500 U.S. dollars! You will find more information about this raffle at the end of this review.
Microsoft ISA Server veterans will probably know GFI WebMonitor, a web filtering and web security software that ISAserver.org readers have voted year after year as the best ISA Server add-on. Last November, GFI released a new version, GFI WebMonitor 2009, which is also available as standalone, gateway, and proxy software. This review is about the standalone version. Please note that there is also a free edition of GFI WebMonitor.
I suppose all administrators agree that having a UDP and TCP port filter gateway is an absolute must for every corporate network. But the bad guys shifted their focus from port scans to web-based attacks long ago. Their main targets are no longer the well protected net services running on servers; instead, they use end users as “open ports” to the corporate network. In my opinion, security software that protects the network from web-based attacks has become as essential as a gateway firewall.
However, the web—as useful as it is—poses another threat for companies. In particular, all kinds of Web 2.0 services are a great temptation for users, distracting them, and thereby, significantly reducing their productivity. Instead of working, they play on Facebook, search for their next romance on countless dating sites, or just do online shopping.
I believe that many admins underestimate the dangers that the web pose for their networks and the costs incurred by their companies because of uncontrolled, private web surfing. GFI WebMonitor is a technical solution for both threats. There is a security edition and a web filtering edition that can be purchased separately. However, it makes sense to manage both issues in one product. This will become clearer in the course of this review.
Both editions come with web monitoring capabilities that give you a good overview of what kind of web traffic goes through your network. Furthermore, you can define white and black lists of Internet domains that can be accessed by users, no matter which edition you have installed. This is already basic web filtering, but you will see later that WebMonitor’s web filter is far more sophisticated.
There are two ways to install WebMonitor. You can run it as a gateway, which requires two NICs in the server. It is also possible to install WebMonitor as web proxy. Personally, I would prefer the latter method because a new gateway firewall will make your network configuration more complicated. If your gateway becomes unavailable for whatever reason, it will take considerable effort to reroute the web traffic through another gateway. By contrast, the proxy settings in web browsers can be changed easily through Group Policy.
GFI WebMonitor also supports Web Proxy Autodiscovery Protocol (WPAD). Note that you always have to make sure that end users are unable to change the proxy settings or use another web browser, or all your efforts will be for nothing. This is the advantage of the gateway configuration, as it is more difficult for end users to circumvent.
In my next post, I will discuss GFI WebMonitor’s monitoring features in more detail.
If you’d like to have the chance to win a GFI WebMonitor 2009 license for 500 clients worth 8,500 US dollars, please send an email to
with the subject line,
Please also add your full name and the name of your organization. The deadline for entering this contest is February 25, 2010.