Webfilter for School


Hello all,
So I have a non-profit client that is also a school and they are in dire need of a new CFS. Currently they are using a Sonicwall but it is having problems and they just want it gone.

My problem is, I’m having a hard time finding an affordable solution that checks some major boxes they need checked.

The students are using Chromebooks, those Chromebooks are assigned a static IP address by the Sonicwall and the CFS rules are established for their IP range. So being able to replicate this is a requirement.

Secondly, for everyone else in the Windows domain the Sonicwall’s CFS rules are applied by the user that logs in. So this is also a requirement.

I actually have a used Barracuda 310 sitting here that I took out of another client that didn’t want it anymore. I know it would do the job, but they would hate the maintenance costs of it.

I’m looking for suggestions from people who have installed CFS systems for schools, what they used, and if it would support the aforementioned needs.


@skippITs-James Sounds like a a pf-Sense solution with pfBlocker to filter out the undesirable content and at the domain level. Check out the Netgate appliances at netgate.com the right one depends on the number of users logging on at any one time. The Ui will make config and support very easy for you. Look at Tom’s videos on pf-Sense.


pfsense is lacking when it comes to a having a granular content filtering solution. pfblocker is only doingit at the DNS level. I am not aware of any firewalls/routers that offer CFS without recurring costs due to the nature of needing the feeds for the CFS system. You could also take a look at the https://www.untangle.com/ system.


My suggestion is to contact Barracuda Networks. They have special prices when the end customer is education or governement.
They have excellent Web Filter Appliances for your needs.
I have sold and implemented many Barracuda Solutions and best of all the Support is outstanding.
Try it, give them a call.


@pedracho I can confirm how good Barracuda is because that’s what we used at my corporate job before I started my own business. Support is literally top notch, which is so rare in the IT world. If you don’t know how to accomplish something they can remote in and build it with you!


@LTS_Tom or anyone really - Can you confirm the untangle would be able to handle both situations?

  • Assigning specific IP addresses to MAC addresses, and a specific CFS allow list to that IP range.
  • For everyone else it’s based on user login.

I don’t have one nor the resources to spin one up to find out for myself. Thanks!


WebTitan is looking appealing. Integration looks easy. Anyone here with experience?


Does the school sync it’s AD accounts with G Suite? If so you could look at solutions that also support user based filtering on Chromebooks.

I recently had a demo from Securly they offer user, and IP based filtering, and filter Chromebooks out the box. The filtering also works outside the school, if the Chromebooks are taken home. It should also tick a lot of safeguarding boxes.