• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 187
  • Last Modified:

Limit internet access

I'm running a Windows 2003 domain with a pix firewall. Is there a way that I can setup an allowed internet list of 10 websites that are allowed to be visited on my network without having to buy any other hardware/software?
0
brasslan
Asked:
brasslan
  • 3
  • 2
1 Solution
 
Jay_Jay70Commented:
yep, i have the same thing configured on a pix, its all done by the IP of the website and access lists, much better suited to the firewall areas here - but yes, it can be done
0
 
brasslanAuthor Commented:
True, I guess I didn't think of that one.

I'm hoping to have more of a software solution through group policy or something like that.  But if I don't find anything by the end of the week I'll start making my access-list's :-)
0
 
Jay_Jay70Commented:
you can limit using content advisor within group policy, but its a very flakey way of doing it and one that for once, i would stear you away from GPO with.....Very rare that ill actually push someone away from GPO but it simply doesnt work properly for this....

Access Lists are your best bet if you dont have a proxy solution
0
 
brasslanAuthor Commented:
I've done some more reading about software solutions to my problem, and I like your idea about acl's in my pix the best.  Although it isn't the most "user friendly" solution, it will be bullet proof when I'm done.  I also found that I can lookup multiple A records for a web site using NSLOOKUP.  For example, if I want to block access to google.com I need to block all these IP addresses because google.com and www.google.com have DNS A records resolving to these addresses.

64.233.167.99,
72.14.207.99,
64.233.187.99,
74.125.19.104,
74.125.19.147,
74.125.19.103,
74.125.19.99

Anyway, it will be a long acl when I'm done, but with proper remarks it shouldn't be to confusing.
0
 
Jay_Jay70Commented:
glad it works for you, going to be a long list thats for sure, you may find in time you want to look at something like ISA server to make your life a little easier
0

Featured Post

Fill in the form and get your FREE NFR key NOW!

Veeam is happy to provide a FREE NFR server license to certified engineers, trainers, and bloggers.  It allows for the non‑production use of Veeam Agent for Microsoft Windows. This license is valid for five workstations and two servers.

  • 3
  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now