Announcement

Collapse
No announcement yet.

Internet filtering by IP or ideally AD User

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • Internet filtering by IP or ideally AD User

    I need to only allow two websites for 10 client machines. All other client machines connect via the same place, a Sonicwall Pro 2040 enhanced. I am considering purchasing the content filter module for that but can't seem to find out whether it blocks via IP or AD user.

    Has anybody got any recommendations? Thanks.

  • #2
    Re: Internet filtering by IP or ideally AD User

    The SonicWall web site would seem to suggest that it blocks based on user or group:

    Administrators are free to create enterprise-wide policies that are specifically designed to meet their own requirements and legislative mandates. The dynamic rating architecture can be used to block up to 56 categories of objectionable or inappropriate Web content, providing a high level of transparent control, ease of administration, and granular policy enforcement. The local URL filtering feature adds flexibility by letting administrators go beyond categories to block or allow specific domains or hosts. Policies can be applied to individuals or defined groups (e.g., students and faculty) and set to block automatically-downloadable files or apply filtering by time-of-day.

    I couldn't get the product data sheet pdf to open, so I couldn't get any additional details.

    http://www.sonicwall.com/us/products.../488_2925.html

    I'm sure a quick email to sales or support could get the answer for you.

    Comment


    • #3
      Re: Internet filtering by IP or ideally AD User

      Thanks Joe. I have read through the documentation but it doesn't seem to allow me to create a policy to just allow two websites on specific computers. Do you know any client based solutions or any other way?

      Thanks

      Comment


      • #4
        Re: Internet filtering by IP or ideally AD User

        Moved to Networking forum
        Tom Jones
        MCT, MCSE (2000:Security & 2003), MCSA:Security & Messaging, MCDBA, MCDST, MCITP(EA, EMA, SA, EDA, ES, CS), MCTS, MCP, Sec+
        PhD, MSc, FIAP, MIITT
        IT Trainer / Consultant
        Ossian Ltd
        Scotland

        ** Remember to give credit where credit is due and leave reputation points where appropriate **

        Comment


        • #5
          Re: Internet filtering by IP or ideally AD User

          Originally posted by Virtual View Post
          I need to only allow two websites for 10 client machines. All other client machines connect via the same place, a Sonicwall Pro 2040 enhanced. I am considering purchasing the content filter module for that but can't seem to find out whether it blocks via IP or AD user.

          Has anybody got any recommendations? Thanks.
          The content filter is applicable for every node that access's the gateway. You can create exceptions via IP address (just assign statics or reservations in DCHP scope...) To my knowledge enhanced OS (although it does have some AD integration, namely for SSL-VPN users) doesnt use AD user accounts for that.

          Sonicwall has an EXCELLENT demo site. You can login to the appliances experiment with them and play with them till your hearts content. Theres a few of the NSA series on there login and have a peruse..

          http://livedemo.sonicwall.com/livedemo.html


          (you can thank me later.. As you can see im a big SW fan..)
          Last edited by scurlaruntings; 22nd August 2009, 23:34.

          Comment


          • #6
            Re: Internet filtering by IP or ideally AD User

            Thanks for everyones input. For the time being, I have decided to carry out the folllowing.

            As we don't use a Proxy server, enable the Proxy Server in IE and then add the two websites as exceptions via the Advanced settings. I will then enable the 'bypess proxy server for local addresses'.

            I'll configure a GPO and apply it to the computers. Any user logging onto to those machines will only ever be permitted to use those two sites anyway.

            Comment


            • #7
              Re: Internet filtering by IP or ideally AD User

              Have a look at ClarkConnect. It is free and easy to setup/configure. http://www.clarkconnect.com/downloads/
              1 1 was a racehorse.
              2 2 was 1 2.
              1 1 1 1 race 1 day,
              2 2 1 1 2

              Comment


              • #8
                Re: Internet filtering by IP or ideally AD User

                Probably a bit late in this case but in your position i would have created and address object for each of your 10 clients, and both websites.

                Next create 2 address groups. One for your clients and one for the web addresses.

                Next create a LAN -> WAN rule to allow access to both those websites from those PC's.

                So it should be something like this

                From Zone - LAN
                To Zone - WAN
                Service - HTTP or any depending on whether you are accessing purely http.
                Source - PC's
                Destination - Websites
                Users Allowed - All
                Schedule - Always On

                Then i would create a rule that denies all other internet access for those 10 PC's.

                That should work but i haven't tried it out anywhere.

                ***EDIT***

                I forgot to add that you would need to create a reservation foe the PC's in DHCP as it works on IP address.
                Last edited by wullieb1; 4th September 2009, 05:09.

                Comment

                Working...
                X