Watchguard Firebox X500 / WebBlocker - restrict Internet access using NT authentication?
Posted on 2005-03-15
We have a Watchguard Firebox X500, and are running a Windows 2000 network on a single domain.
We would like to restrict a certain number of users' internet access to only one hour per day.
We know that we can do this via the firewall using the inbuilt WebBlocker software, but so far have only found out that we can do it by the following options:
1) set the user's machines with static IP addresses and set the firewall to restrict access for these IPs
2) get our user's to authenticate against the firewall each time they browse the internet, and set the firewall up to restrict internet access for certain usernames
We do not want to go down either of these routes, and would rather just set up a windows security group in the Active Directory, and tell the firewall to restrict access for members of that group (without extra authentication - just using normal NT authentication.) This way we do not have to get all of our users to authenticate against the firewall when this is an issue which affects only about 5% of the users. We also do not want to give the machines static IP addresses as the users move around different machines and we use DHCP.
Can anyone let me know if this is possible please?