emilbus20
asked on
FireBox III 700 - Seting up a Whitelist/BlackList not with WebBlocker App.
Hello!
I have just purchased a firebox 700, which i am currently using as my gateway. I want to be able to make a list of all websites that our users goto and then eventually block all the websites except company related ones. Can anyone help or throw me to a good walkthrough. The manual is not cutting it...
Michael
I have just purchased a firebox 700, which i am currently using as my gateway. I want to be able to make a list of all websites that our users goto and then eventually block all the websites except company related ones. Can anyone help or throw me to a good walkthrough. The manual is not cutting it...
Michael
PS - another way to set this up would be with an internal DNS server. Just blackhole (ie send to 127.0.0.1) all requests to unwanted URLs.
ASKER
Dude, i thought about that, but the owner wants it all controlled in house with the web blocking. If he wants to pay me to set it up then more power to him...
I'm trying to take a look at the Watchguard support site, to see how you can import blacklists, but I don't have a user account, and the manual's too big for me to download over dial-up... :(
I am thinking something along the lines of creating a rule than denies access to a list of DNS names / IP addresses. For this you would need to configure Watchguard as a DNS client to an up to date DNS server on the net somewhere (eg your ISP's).
Does the policy editor allow you to create a group of dodgy IPs that you can deny access to ??
I am thinking something along the lines of creating a rule than denies access to a list of DNS names / IP addresses. For this you would need to configure Watchguard as a DNS client to an up to date DNS server on the net somewhere (eg your ISP's).
Does the policy editor allow you to create a group of dodgy IPs that you can deny access to ??
ASKER
I am not sure, i am new at the watchguard game...
Does anyone have experience with setting one of these up in this aspect?
Does anyone have experience with setting one of these up in this aspect?
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
I figured it out myself.
First I made a normal HTTP Pollicy, blocking access to all websites except the ones that i defined, for EVERYONE.
Then I made a group, adding all the IP addys that I wanted to have full access...
Then I Made a second HTTP Policy giving all of the members of the group access to all websites.
It worked!
[W]
First I made a normal HTTP Pollicy, blocking access to all websites except the ones that i defined, for EVERYONE.
Then I made a group, adding all the IP addys that I wanted to have full access...
Then I Made a second HTTP Policy giving all of the members of the group access to all websites.
It worked!
[W]
Also consider something like Microsoft ISA on the inside to act as a proxy server for all your clients ?
Weigh up the cost of such a solution, say $7500 for 100 users over three years, to the cost of trying to do everything yourself (2-3 days to setup, 10mins - 30mins a day administrating).... ;)