Re: How to restrict Internet access for certain PCs to certain web sites?


"Somebody." <somebody.@xxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:zHBkf.4494$43.481@xxxxxxxxxxxxxxx!nnrp1.uunet.ca...
>
> "Charles Newman" <charlesnewman1@xxxxxxxxxxxxxxxxxxxxxxx> wrote in message
> news:dZidnTtLkPjIow_e4p2dnA@xxxxxxxxxxxxxx
>>
>> "Squish" <guest@xxxxxxxxxxxxx> wrote in message
>> news:3c3to11q56jo3dau11oq4tin2hlhpgl7v7@xxxxxxxxxx
>>>I have a few PCs that I want to limit their Internet access to nothing
>>> more than Windows updates and AV updates. All other Internet access I
>>> want blocked but I want to preserve LAN access via TCP/IP. Is there
>>> an easy solution for this like a proxy software that I can place on a
>>> server somewhere so that I do not need to configure each PC? I was
>>> thinking about setting the gateway on these PCs (via the DHCP
>>> reservation) to the IP address of the server with this software and
>>> setting up various access rules on this server as necessary. This is
>>> for a MS Windows environment but I could build and use a Linux box if
>>> necessary. Please reply to the group, e-mail addy is not valid. TIA.
>>
>> You will to have two proxy servers, like I have on my network. One
>> is unrestricted, and is filterd, and does not require authentication, and
>> the other, requiring authentication, is unfiltered. That way, those users
>> authorized for unfiltered access can log on to the unfiltered proxy.
>> You just need to run two proxy programs on a PC running something
>> like AllegroSurf. Then you just set up your proxies. ProxyPro is
>> good for this, as it supports authentication, and then you use another
>> filtered system, such as CyBlock, for the filtered proxy.
>>
>> What you want to do cannot be achieved through a firewall
>> appliance, you will need something with a little more muscle.
>
> Incorrect. With any Fortigate firewall appliance, I can filter by
> category and create entirely different profiles to be applied to different
> sets of IP's. No changes whatsoever are required on any of the machines,
> you simply add them individually or via subnet masks to create groups
> which are applied to the policies.

Thr problem is that most NAT Software, Hardware appliances, etc, use
dynamic addressing, via DHCP, so setting rules by address would not work
very well. Its the way that DHCP works. This was all part of the networking
course I had in college, back in 1999.



.

Relevant Pages

  • 0xc0040017 FWX_E_TCP_NOT_SYN_PACKET_DROPPED bei 2 Servern von 6
    ... Server Windows 2008 Std ML350 mit installiertem Hyper-V und entsprechenden virtuellen Maschinen. ... Log Time Client IP Destination IP Destination Port Protocol Action Rule Client Username Source Network Destination Network HTTP Method URL Error Information HTTP Status Code Original Client IP Client Agent Authenticated Client Service Server Name Referring Server Destination Host Name Transport MIME Type Object Source Source Proxy Destination Proxy Bidirectional Client Host Name Filter Information Network Interface Raw IP Header Raw Payload GMT Log Time Source Port Processing Time Bytes Sent Bytes Received Result Code Cache Information Log Record Type Authentication Server ... Unrestricted Internet access anonymous Internal External HEAD ...
    (microsoft.public.de.german.isaserver)
  • Re: How to restrict Internet access for certain PCs to certain web sites?
    ... > more than Windows updates and AV updates. ... All other Internet access I ... > server somewhere so that I do not need to configure each PC? ... You will to have two proxy servers, like I have on my network. ...
    (comp.security.firewalls)
  • Re: How to restrict group from internet?
    ... The best way would be to use a proxy server and set the rights on the ... restrict the users access the the internet ... want to have internet access with a fake proxyserver. ...
    (microsoft.public.windows.server.dns)
  • RE: Internet Access
    ... As Florian and Meinolf have pointed out, the best way to do this is with a ... I have, however, seen a lot of organizations do this with the fake proxy ... The client pc's have internet access. ... The server is Windows Server 2003 and the clients Windows XP and Vista. ...
    (microsoft.public.windows.server.active_directory)
  • Re: unexpected job offer
    ... How to handle if everyone lost internet access? ... The same is true managing a server. ... you can ping the external IP. ... router seems to be working in every other respect, ...
    (microsoft.public.cert.exam.mcse)