Watchguard Firebox X500 / WebBlocker - restrict Internet access using NT authentication?

Posted on 2005-03-15
Medium Priority
Last Modified: 2013-11-16
Hi there,

We have a Watchguard Firebox X500, and are running a Windows 2000 network on a single domain.

We would like to restrict a certain number of users' internet access to only one hour per day.

We know that we can do this via the firewall using the inbuilt WebBlocker software, but so far have only found out that we can do it by the following options:

1) set the users' machines with static IP addresses and set the firewall to restrict access for these IPs
2) get our users to authenticate against the firewall each time they browse the internet, and set the firewall up to restrict internet access for certain usernames

We do not want to go down either of these routes, and would rather just set up a Windows security group in the Active Directory, and tell the firewall to restrict access for members of that group (without extra authentication - just using normal NT authentication). This way we do not have to get all of our users to authenticate against the firewall when this is an issue which affects only about 5% of the users. We also do not want to give the machines static IP addresses as the users move around different machines and we use DHCP.

Can anyone let me know if this is possible please?

Question by:gjirvine3000

Accepted Solution

ADSaunders earned 1200 total points
ID: 13543294
Hi gjirvine3000,
Not currently using Watchguard software. It only authenticates using a Java applet that needs to be run (and kept running) for each access through the Firebox. We had the same requirement, and solved it using MS ISA Server, which can limit access through user groups. The Watchguard is configured to only pass Internet access from the external IP of the ISA server.

Regards .. Alan

Assisted Solution

tmehmet earned 800 total points
ID: 13545541
You will need a full-blown proxy server to do what you ask.

Don't forget, the Watchguard is a firewall. It provides these additional bells and whistles, but they don't go too far in terms of functionality.

You could point authentication back to your domain so that users use the same account, but they would still need to authenticate; it would not be transparent.

The other option is to put these other 1 hr boxes on a different DHCP scope and then specify that subnet on the firewall.

