

Watchguard Firebox X500 / WebBlocker - restrict Internet access using NT authentication?

Posted on 2005-03-15
Medium Priority
Last Modified: 2013-11-16
Hi there,

We have a Watchguard Firebox X500, and are running a Windows 2000 network on a single domain.

We would like to restrict a certain number of users' internet access to only one hour per day.

We know that we can do this via the firewall using the inbuilt WebBlocker software, but so far have only found out that we can do it by the following options:

1) set the users' machines with static IP addresses and set the firewall to restrict access for these IPs
2) get our users to authenticate against the firewall each time they browse the internet, and set the firewall up to restrict internet access for certain usernames

We do not want to go down either of these routes, and would rather just set up a Windows security group in the Active Directory, and tell the firewall to restrict access for members of that group (without extra authentication - just using normal NT authentication). This way we do not have to get all of our users to authenticate against the firewall when this is an issue which affects only about 5% of the users. We also do not want to give the machines static IP addresses as the users move around different machines and we use DHCP.

Can anyone let me know if this is possible please?

Question by:gjirvine3000
LVL 10

Accepted Solution

ADSaunders earned 1200 total points
ID: 13543294
Hi gjirvine3000,
Not currently using Watchguard software. It only authenticates using a Java applet that needs to be run (and kept running) for each access through the Firebox. We had the same requirement, and solved it using MS ISA Server, which can limit access through user groups. The Watchguard is configured to only pass Internet access from the external IP of the ISA server.

Regards .. Alan

Assisted Solution

tmehmet earned 800 total points
ID: 13545541
You will need a full-blown proxy server to do what you ask.

Don't forget, the Watchguard is a firewall. It provides these additional bells and whistles, but they don't go too far in terms of functionality.

You could point authentication back to your domain so that users use the same account, but they would still need to authenticate; it would not be transparent.

The other option is to put these other 1 hr boxes on a different DHCP scope and then specify that subnet on the firewall.

