NetIQ's WebMarshal now supports all versions of Windows server. The installation is simple, but you need an SQL server on the network. While this means that you have to factor this cost into the purchase, it means you can distribute the WebMarshal install for better performance and scalability. You can also run the database on the same PC, as we did for our test.

WebMarshal does not cache websites itself, but it can integrate with Microsoft's ISA and be used with other third-party proxies. Management is through the familiar shell of a Microsoft MMC snap-in. WebMarshal shares its design with MailMarshal and IMMarshal – if you use either of these products you'll be able to jump straight in.

Even if you've never seen a NetIQ product before, you'll be off to a quick start thanks to simple user interface and excellent documentation.

Building a security policy is simple and uses reusable rule elements, including URL categories and user authentication. WebMarshal has a set of secure connectors, so you can pull in existing users and groups from Active Directory or NDS.

As well as NetIQ's own URL database the company is also offering Secure Computing's Sentian Blacklist for tighter control of internet policy. You can also add custom URLs and categories.

Creating a rule is a simple matter of choosing to whom it applies and which categories of website you want to block.

From this point WebMarshal lets you define a schedule for when the rule applies.

WebMarshal features one of the most advanced keyword filtering features tested. Using the TextCensor script you can scan web pages using Boolean terms for comparison, weighting the final result. It is a fair amount of work to do properly, but it is more accurate than simple keyword filtering. WebMarshal offers user-level quotas – you can choose time limits or bandwidth limits for each rule and track usage.

Finally, there is a large range of reports, so you can see exactly what is going on with your internet connection.

This is a powerful and easy to use tool, although the lack of caching is a potential problem for very large networks.