Advertisement
If you have a new account but are having problems posting or verifying your account, please email us on hello@boards.ie for help. Thanks :)
Hello all! Please ensure that you are posting a new thread or question in the appropriate forum. The Feedback forum is overwhelmed with questions that are having to be moved elsewhere. If you need help to verify your account contact hello@boards.ie
Hi there,
There is an issue with role permissions that is being worked on at the moment.
If you are having trouble with access or permissions on regional forums please post here to get access: https://www.boards.ie/discussion/2058365403/you-do-not-have-permission-for-that#latest

recommend a firewall/internet access monitor?

  • 09-02-2011 8:43am
    #1
    Registered Users, Registered Users 2 Posts: 222 ✭✭


    hi folks

    I'm hoping you can recommend a suitable replacement for the firewall/internet monitor we are currently using.at the moment we have MS ISA running although we only use a fraction of its capabilities it is was probably over kill at the time anyway. We want to decommission this server now. We have about 50 users onsite of which I want to allow internet access to about 20 of them.
    1. I need to be able to control access by user rather than by pc because some of the users will be based out on a production floor
    2. I dont want internet users to have to input a password evertime they launch a browser
    3. maybe the best(only?) way of achieving this is by integrating with active directory so I can control who has access or not with an internet users group
    4. I want it to record and store logs of what users have been browsing and I want to be able to disallow facebook etc
    5. I need at least 2 VPN channels

    Theres probably one or two other things I've forgotten but thats the most of it anyway. I'd imaging these arent unique requirements. so far most of the recommendations I've gotten were for a sonicwal but any of the models I looked at did not integrate with active directory and so you would have to have your internet users inputting a password when they needed to get online. I'd get the sack if I told our engineers that !

    anyway, anyone got any suggestions?
    thanks


Comments

  • Registered Users, Registered Users 2 Posts: 222 ✭✭jackrussell007


    Maybe I shouldve posted this in the server forum? Can a mod move this on over there please?

    thanks


  • Registered Users, Registered Users 2 Posts: 1,726 ✭✭✭gerryk


    Sounds to me like ISA is probably the best man for the job you have specified. Why do you think it's over-spec'd?
    Cisco ASAs do have some AD integration for authentication and ACLs, but I don't know if it will do all you require, and they're not cheap.


  • Registered Users, Registered Users 2 Posts: 222 ✭✭jackrussell007


    Well to be honest, my main motivator is just that the server its running on is not in great shape. We have a stand alone server running ISA and to me it seems a bit over the top for our requirements. It's using electricity, seat of anti virus, takes up some of my time maintaining it etc.

    I inherited this setup and at the moment we're looking at upgrading some other servers so I was going to decommission this one while we were at it in the hope that I could bundle all of the above onto one device. If I cant get something that works in pretty much the same way then I may consider holding onto ISA and just installing it on whatever new server we implement.


  • Registered Users, Registered Users 2 Posts: 1,726 ✭✭✭gerryk


    Another possibility is to replace the firewall with a more 'dedicated' box, like a Soekris running pfSense, and relegate the access control to GP, which is, IMO, where it should be in the first place.


  • Registered Users, Registered Users 2 Posts: 222 ✭✭jackrussell007


    GP?


  • Advertisement
  • Registered Users, Registered Users 2 Posts: 1,726 ✭✭✭gerryk


    Sorry... Group Policy.
    You could create a Group Policy Object that enforced a http proxy on all members of a particular group. Then join all the people that shouldn't be browsing to that group.
    You can also all GPOs to stop certain programs executing, like iexplore.exe, firefox.exe and so on.


  • Registered Users, Registered Users 2 Posts: 222 ✭✭jackrussell007


    that sounds like a plan actually. it would save a few bob as well, and like you said I could just get a dedicated firewall.
    thanks for your suggestion


Advertisement