JasonGW Posted September 7, 2005 (edited)

I've been evaluating software and methods, but haven't really found a way to do precisely what I want to do. We've currently got a Linux box in place that does our proxying (Squid) but it's overly complicated and isn't doing the best job. I want, ideally, to come up with a Windows solution for my firewall box.

In a nutshell, here is what I want:

1. By default, ALL users are prevented from accessing the internet
2. Only members of the Active Directory group "InternetBrowsing" are permitted to browse
3. Sites with objectionable content are blocked unilaterally
4. HTTP, HTTPS, FTP and FTPS clients should be able to connect where appropriate
5. More limited users should have predefined sites they can visit but NO blanket access

Any assistance would be appreciated.

Thanks!
Jason

EDIT: I KNOW Active Directory doesn't have these capabilities out of the box, and that's not what I'm after. What I want is software that can do the above functions and can use the Active Directory user database to keep track of appropriate permissions for individual users.

Edited September 7, 2005 by JasonGW

InTheWayBoy Posted September 7, 2005

I don't think AD can do that out the box...you'll still need another program to accomplish that. I think that's what Microsoft's ISA Server is supposed to do...

JasonGW Posted September 7, 2005 (Author)

> I don't think AD can do that out the box...you'll still need another program to accomplish that. I think that's what Microsoft's ISA Server is supposed to do...

Oh, I know that. That's what I'm looking for, some recommendations on software that I can use to accomplish the above goals. I probably can't get my supervisor to spend the $3000+ on ISA server, though. We only have about 80 users on the network with only 30 of those actually needing internet access, so ISA isn't really justified.

Thanks!
Jason

InTheWayBoy Posted September 7, 2005

I see...in that case then I'm sure there has to be a better, cheaper way. However, I can't think of any off the top of my head. I would think something along the lines of a centrally managed firewall might work best for you. Something you could deploy to all the computers and lock down to your settings. I was looking in to Kerio WinRoute Firewall for that earlier, but haven't really done much investigating.

JasonGW Posted September 7, 2005 (Author)

> I see...in that case then I'm sure there has to be a better, cheaper way. However, I can't think of any off the top of my head. I would think something along the lines of a centrally managed firewall might work best for you. Something you could deploy to all the computers and lock down to your settings. I was looking in to Kerio WinRoute Firewall for that earlier, but haven't really done much investigating.

Yeah I'm playing with that right now, hopefully it will work out. Ideally I'd prefer *not* to install a client component, but if I gotta, I gotta.

Jason

chilifrei64 Posted September 8, 2005

If this is a corporate infrastructure then I would use something along the lines of either websense or SurfControl. Both offer AD integration.

http://www.websense.com/global/en/
http://www.surfcontrol.com/