  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 325

Network Content Filtering by Proxy or Firewall?

I know there are lots of posts out there regarding the same issue, but I need it broken down for me.

I am running a Server 2003 doing DNS and DHCP on the domain. Right now, I just have an Adtran firewall installed by our ISP doing the NAT and forwarding a port or two for our VPN and Applications.

What I want to do is lock down internet access to the workstations in the domain. I do not want everyone locked down; Administrators and special groups need to have certain access. These groups are already defined in AD on the 2003 Server.

Is there a way to lock down internet access at different levels for the different groups without having to buy ISA or a content filtering solution?

I am going to be buying a firewall shortly, so I can do all the configuration on that. Any recommendations on what gear I should get to help me out in this area would be useful.

I have read a little about proxies, but I do not understand how they work or where to begin setting one up. Also, I have an intranet server that I can install some software on to do all this, if someone has any recommendations for a software solution that does not have to be on the server that is doing the DHCP/DNS.
0
TTCLIVE
Asked:
TTCLIVE
 
TTCLIVE Author Commented:
One more thing. I ran into this online while researching this issue: http://www.scrubit.com 

Can I tell all the workstations to only access the internet through the Server and tell the server to use this DNS configuration and just have all the traffic filtered off site? If I can, how do I do that, and where do I start (as far as telling the workstations to only access the internet through the server; right now they are all set to receive all the IP info automatically)?
0
 
scotttchtc Commented:
Hi TTCLIVE,

First, a proxy server is a server application that would install on a server, and all workstation internet traffic would funnel through that server to get to the internet. You would need a beefy server to handle this workload, and the server would need to be multi-homed. This means that the server would need 2 network cards installed. One NIC would be configured for local network access and the other NIC would be configured to connect to your router for internet access. This solution requires knowledge in server configurations and proxy software.

A better solution is a hardware firewall solution, which you said you were going to purchase anyway. A SonicWall Firewall will do what you need to do. You can deny or allow access based on computer IP address. You can set up content filtering and set up an administrator bypass so you can get around the CF with a password that only you would know. Check out http://www.computerhousellc.com and click on the SonicWall Firewall link on the left side. Hope this helps :)
0
 
TTCLIVE Author Commented:
Okay, I will look into that. I would rather not have to pay licensing and renewal fees for unlimited users on the Sonic Firewall. I will be looking around though for other solutions that do the same thing.

Until I find out, I actually looked into proxy solutions and found one that will fit my needs. I have a web server running in-house and installed a PHP proxy ANON Proxy server and would like to figure out how to get the rest of my workstations to use the webserver as the proxy without reconfiguring the default gateway (as the DNS and DHCP are being handled on a different local server and I need to make sure the computers stay connected to this computer).

Is there a setting I can change in the DHCP that will tell all internet access to go through the proxy server?

Let me show you the layout:

                         Router
                              |
                         Switch
                              |
ServerA       Webserver        Workstations

The workstations are configured to receive configuration automatically, and the ServerA is handling the DNS and DHCP for the network. And the default gateway for everything is the Router IP address.

So where can I change the default gateway to be the webserver so the proxy will work, and does it really have to have two NICs and be really beefy? It's just passing traffic, right?
0
 
TTCLIVE Author Commented:
Never mind, I figured it out. Free proxy server, doing everything I want it to do, no PC upgrades needed. Thanks for the help.
0
 
scotttchtc Commented:
No problem. If you need any assistance, I can give you my email address upon request. Thanks
0
