Internet Content Filtering - Member-hosted

Printer-friendly version

With the member-hosted Internet Content Filtering service, the filtering hardware and software are located on the member network and on equipment provided and maintained by the member. This configuration allows the organization to have complete control over the service and receive access to full reporting and configuration capabilities.

Software and Hardware Requirements

MOREnet will provide consulting and technical assistance with configuring and troubleshooting the Netsweeper server. Netsweeper is a precompiled software appliance, based on Linux, that installs on a mid-sized server with upgraded RAM.

Minimum Netsweeper Server Requirements

Netsweeper 5.x 64-bit

Small Sites Bridge Mode < 500 devices:
  • Intel i3 CPU at quad core, 2-3GHz
  • 8GB memory for 64-bit installations
  • Disk: 100GB or more
  • 2 (or T2) Intel 1GE igb, 82575/82576/82580/I350-based (800Mbps-1Gbps)
    NOTE: If using older hardware, the age of disk should never exceed three years.
Medium Sites Bridge Mode, 500-1000 devices and < 140MB outbound traffic
  • Increase CPU to 16GB/ 4 - Quad CPU
Larger Site Capture Mode > 1000 devices > 200 MB inbound traffic
  • Move to the Capture Module Deployment (mirrored switch port)
  • Same hardware as Medium, but hardware can be virtualized. You will still need two dedicated NICs.
  • Two (or T2) Intel 1GE igb, 82575/82576/82580/I350-based (800Mbps-1Gbps) (highly recommended for 1 GB)

Netsweeper Network Deployments

MOREnet will support three network designs for Netsweeper running on local area networks (LANs):

  • Transparent Bridge Mode: two NICs are required and the Netsweeper server can be inserted or removed without affecting the network. Requires two Intel 1GE igb, I350-based NICs.
  • Gateway Mode (Reflector/Router): one NIC is required, workstations use the Netsweeper server IP address as their default gateways and the Netsweeper server forwards traffic to the gateway or firewall. Requires one Intel 1GE igb, I350-based NIC.
  • Pass-by Mode (Sniffer): two NICs are required; one for managing the Netsweeper server and a second for listening to mirrored traffic from a managed switch. Requires one Intel 1GE igb, I350-based NIC.

Netsweeper Alternative Deployments

The Netsweeper Content Filter also works with the following firewalls using IFP (Internet Filtering Protocol). Below are some alternative deployments.

  • Websense protocol on older Cisco ASA/PIX
  • Proxy-based filtering
  • DNS-based filtering (new in 2016)
  • Client filter option (available on Windows, Mac and Linux)
  • Chromebook Extension
Authentication Deployments

Netsweeper supports authentication through the following services:

  • Microsoft’s Active Directory
  • Netsweeper local user database
  • Open LDAP
  • Netsweeper web-based authentication

Support Responsibilities

MOREnet Responsibilities

  • Provide technical assistance on configuration and troubleshooting.
  • Act as liaison and escalate problems to the vendor's technical support.
  • Provide free Netsweeper software and client software for deploying on your network.
  • Provide the serial key for installing the Netsweeper operating system.
  • Provide consulting and technical assistance on configuration for the supported NAT firewall devices to work with the Netsweeper server.

Member Responsibilities

  • Have a support contract with the firewall vendor and download the latest firmware.
  • Provide the hardware to install the Netsweeper server.
  • Install, configure and provide hands-on troubleshooting of the NAT device.
  • Install and configure the Netsweeper operating system software.
  • Define the appropriate filters for the Internet Content Filtering service on the Netsweeper server.


MOREnet Pricing:

MOREnet Support:

MOREnet Training: