Ok, I'll try to answer your questions to the best of my ability:
I would like to use the Zentyal Server to perform the following:
- Filter all client web traffic - No user should be able to access websites such as porn, gambling, known infected sites, suspicious sites, etc...
- Firewall - I would like to block certain IPs and IP ranges from communicating with clients, and block clients from communicating with these IPs.
- Traffic Shaping - Many of our clients are 'hogging' the bandwidth we have by using youtube/Netflix/Pandora. I'd like to cap bandwidth for these sites while allowing other web traffic full bandwidth. I would block these sites altogether, but management will not allow me to do this
Management would like this all to fail open, but I would prefer to have it fail closed and bypass it manually on a temporary basis, if necessary, until I get something back up and running.
Furthermore, since many of these clients are accessing "apps" on their smart devices, traffic may not always be HTTP-based. This being the case, perhaps WCCP is not an option for me because as I understand it, WCCP will only forward http-based traffic.
So, as I understand things, Zentyal is capable of all of the features I'm looking for, but must be installed in-line if I want to use it to do more than just filter http traffic.
So, in your opinion, what would be the "best practice" way to configure and install this server in our environment shown in my first post?
Thank you very much for your help!