St. Bernard to the rescue
iPrism appliance can help admins get a better handle on Web traffic
- By Greg Crowe
- Aug 13, 2006
Every network administrator knows that bandwidth is money. Every time a user loads a Web page into their browser, it eats up a chunk of allotted bandwidth. Too much extraneous browsing can add up to performance degradation or, in some cases, additional charges by an Internet service provider.
What's more, inappropriate or offensive Web material can lead to other problems in the workplace. Not only is smut likely to cause angst amongst co-workers, many sites that house such material are as likely as not to download malicious code onto a visitor's computer. While most workers maintain a professional attitude, bad Web browsing can be a problem anywhere, and the network administrator is almost always called to fix it.
The iPrism M1200 from St. Bernard can help. With its constantly updated site ratings, adjustable access controls and extensive reporting tools, this appliance can put a lid on unauthorized browsing and keep traffic down to reasonable levels.
The iPrism fits easily onto a 19-inch rack and takes up 1U of space, and with a 1.2-GHz Intel processor and 512MB of RAM, it is more than powerful enough to do the job. In addition to its two 100-Mbps ports for throughput, the iPrism also has another 10/100-Mbps port and a serial port for a management console.
A console connection is generally not necessary, as the appliance can be managed from any computer within the local network that has the Appliance Manager software installed. Once we installed it, we were able to assign the iPrism an IP address and fill out other networking information. We were then taken to the login screen for the Configuration Manager, where we entered license numbers, set the time and told the system about our network setup. We found this process very straightforward.
There are two ways you can connect the iPrism to your network. In bridge mode (which St. Bernard recommends for a live network), it sits between your firewall and the rest of your network, thereby filtering all Internet traffic. In proxy mode, it's connected inside the network via its internal interface. In this mode, either users' browsers must be set to use the iPrism as a proxy server or a domain policy must be created. St. Bernard also recommends that you set your firewall to block any HTTP traffic that doesn't come from the iPrism. For HTTP traffic, this would make proxy mode almost as secure as bridge mode, but the iPrism is not able to filter peer-to-peer traffic in proxy mode.
The Configuration Manager lets you set up filtering exactly the way you want it. You can create a variety of access control lists, which let you choose to report and/or block Web sites by categories that St. Bernard constantly updates. You can even decide which of your IP addresses fall under the authority of which access control lists and at what time of day.
When a user browses a Web page in a blocked domain, iPrism brings up a default page rather than simply notifying the user that it is being blocked. If a user needs to legitimately access a particular domain, that user can request access to it by clicking on the button that appears on the 'no access' page. The administrator can then decide which requests to honor.
Once the iPrism is properly set up, there is practically no way to bypass or fool it. We found that it blocked a certain subdirectory on the St. Bernard site, which its database tags as pornography for testing purposes. We tried to enter that directory using their Web server's IP address and were still thwarted by the iPrism's ability to cross-reference. The only way to bypass the iPrism was to disable the proxy server setting on the client browser (but only if the iPrism is in proxy mode). But a properly configured firewall would stop that traffic.
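The proxy-mode gap described above can be checked from the firewall side. The following is an added example, not code from the article or from St. Bernard: it scans firewall connection logs for outbound HTTP that was allowed from any internal host other than the filter. The key=value log format, the addresses and the function names are assumptions made for illustration.

```python
import ipaddress
from collections import Counter

# Constructed sample firewall log lines (the key=value format is an assumption).
SAMPLE_LOG = """\
2006-08-13T09:00:01 action=allow proto=tcp src=10.0.0.5 dst=198.51.100.20 dport=80
2006-08-13T09:00:02 action=allow proto=tcp src=10.0.0.23 dst=198.51.100.20 dport=80
2006-08-13T09:00:03 action=deny proto=tcp src=10.0.0.31 dst=203.0.113.9 dport=80
2006-08-13T09:00:04 action=allow proto=tcp src=10.0.0.23 dst=203.0.113.9 dport=80
2006-08-13T09:00:05 action=allow proto=tcp src=10.0.0.40 dst=10.0.0.8 dport=80
2006-08-13T09:00:06 action=allow proto=udp src=10.0.0.23 dst=203.0.113.53 dport=53
this line is malformed and is skipped
"""

PROXY_IP = "10.0.0.5"          # hypothetical address of the filter's internal interface
INTERNAL_NET = "10.0.0.0/24"   # hypothetical LAN range

def parse_line(line):
    """Return a dict of key=value fields, or None if required fields are missing."""
    fields = dict(tok.split("=", 1) for tok in line.split() if "=" in tok)
    required = {"action", "proto", "src", "dst", "dport"}
    return fields if required <= fields.keys() else None

def find_proxy_bypass(log_text, proxy_ip=PROXY_IP, internal_net=INTERNAL_NET, http_ports=(80,)):
    """Count allowed outbound HTTP connections per internal client that skipped the proxy."""
    net = ipaddress.ip_network(internal_net)
    proxy = ipaddress.ip_address(proxy_ip)
    offenders = Counter()
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        try:
            src = ipaddress.ip_address(rec["src"])
            dst = ipaddress.ip_address(rec["dst"])
            dport = int(rec["dport"])
        except ValueError:
            continue  # unparseable address or port: skip the record
        outbound = src in net and dst not in net
        if (rec["action"] == "allow" and rec["proto"] == "tcp"
                and dport in http_ports and outbound and src != proxy):
            offenders[str(src)] += 1
    return dict(offenders)

if __name__ == "__main__":
    for client, hits in find_proxy_bypass(SAMPLE_LOG).items():
        print(f"{client}: {hits} direct HTTP connection(s) allowed past the filter")
```

Any client this reports means the firewall rule restricting outbound HTTP to the filter is missing or too broad.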
The Reports Manager has a good number of standard report formats and allows you to build more to your own specifications. You can also schedule reports to run periodically. There is even a Real-time Monitor that lets you see your Internet traffic as it happens. All in all, the reporting system is very flexible.
Even for all it gives you, we consider the base price of $3,490 a bit on the expensive side, especially when you consider that access to site ratings is by a one-year subscription at this price. After that you have to resubscribe.
While many users may bristle at having their Web traffic monitored, the simple fact is that a device such as the iPrism M1200 can make it much easier to keep bandwidth costs at a minimum. Whether this is a necessary step is something network administrators need to decide for themselves.
Greg Crowe is a former GCN staff writer who covered mobile technology.