I would like to ask you what web/url filtering application/solution do you use/recommend? I know that there are more than one question here but I would like to hear different opinions.

Best regards,
L.

We use Websense and it is a pretty decent product.  We block Skype traffic and sometimes legit traffic gets tagged as Skype which causes problems.  The support is a mixed bag.  For example, I live in the States and sometimes I will get a support team from Asia, which is a 12 hour difference making the communication tedious.  You may get lucky and get a more local team if you ask for it while opening the ticket.

I have heard Palo Alto has an appliance that I was interested in a a few years ago and would be curious to see what other people's opinions are.

I used ISA in the past, but not for filtering web traffic.  It is a huge plus that it integrated with AD like Ketchup had mentioned.

I've had good experiences with Sonicwall.

My comment is, it depends on the environment to be bluntly honest. Not all solutions work in all environments, so this question is likely going to get you a mixture of answers. Not all wrong, not all right. I could assume you want low-cost (Open Source models) but I don't like to assume. You could want an enterprise solution in which event, a solution like Dans Guardian is seriously lacking.

Where I work I recently replaced all of my FW-1's with a combination of Juniper's SRX and SSG's. The SRX's have the capability to work with Websense so we no longer needed Bluecoat. (Sayanora!) All works just fine however, I work at a SoHo/Mid-Sized corporate environment which works just fine for us.

On my managed security side of things (customers of ours), I mainly use Juniper SSG's most of the time, since the costs involved with deploying an SRX at a small company is almost always intolerable. For these setups it also depends on a few factors before decisions are made, and almost always, they're different. How much time I want to spend configuring and deploying something, how creative I want to be, what's the tolerance of the client: Do they want pretty "Warning you shouldn't be seeing this" pages or would they settle for customization (aka default ugliness (Dan's Guardian default page is ugly)). For logging (do they want pretty or am I the one looking at the logs (when I do I pass them through Splunk and OSSIM filtering))

Plenty of questions each unique to each location. If it is a small office, you can take a look at Untangle which does web-filtering as well (http://www.untangle.com/) if you don't want to go with Squid/Dans Guardian. If you want to do some creative-filtering with IPS/IDS/EPS (Extrusion Prevention System), you could cobble together a neat NSM using Squid, Sguil (http://nsmwiki.org/Main_Page), pads, etc

Thank you for the answers.
Actually I am doing a research for a potential employer. The case is for a medium size company (500 employers, 3 locations) so I looked at commercial products, and I my finalist are Mcafee 500E, Symantec 8450 and M86. I am looking for the price of M86, but the others are arround 2500$.
I saw that Cisco Iron Port does an excellent job, but the company in the case study supposed to do business in the transport biz, so they will not spend 7500$ just for this (I supose ).

I think I'll go with M86, because it is very possible that they already have an AV solution from McAfee or Symantec, so they will only benefit from the combination of them.