Currently, in our schools, we use Squid+DansGuardian for basic web content filtering (URLs, phrases, domains, client users, and client IPs). We use Squid for handling the HTTP requests, not for any local disk/mem caching.
It appears that most of this can be handled by a PA firewall with some LDAP hooks into the school Linux server (URLs, applications, threats, client users, client IPs). (Although, that may not work without ident support?)
However, for those that are using PA firewalls in a similar manner, how do you manage the rules/lists? For example, with the DansGuardian setup, we have a simple Webmin module that provides teachers with access to edit the various lists and to easily add/remove entries from the lists. And, by changing group membership for students, block access as needed.
How would that work on the firewall? We'd really prefer to not give teachers access to the firewalls directly. :) We'd also prefer to not require the schools to be constantly calling the service desk to edit the lists for them. Is this a situation where the API would come into play? Could we design a Webmin module to add/remove/view the URL filtering lists in the Security Policies?
Reason I'm asking is that we're running into some limitations and performance issues with DansGuardian, and it looks like most of the features we actually use are supported on the PA firewalls, so I'm looking at alternatives.