brasslan
asked on
Limit internet access
I'm running a Windows 2003 domain with a pix firewall. Is there a way that I can setup an allowed internet list of 10 websites that are allowed to be visited on my network without having to buy any other hardware/software?
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
you can limit using content advisor within group policy, but its a very flakey way of doing it and one that for once, i would stear you away from GPO with.....Very rare that ill actually push someone away from GPO but it simply doesnt work properly for this....
Access Lists are your best bet if you dont have a proxy solution
Access Lists are your best bet if you dont have a proxy solution
ASKER
I've done some more reading about software solutions to my problem, and I like your idea about acl's in my pix the best. Although it isn't the most "user friendly" solution, it will be bullet proof when I'm done. I also found that I can lookup multiple A records for a web site using NSLOOKUP. For example, if I want to block access to google.com I need to block all these IP addresses because google.com and www.google.com have DNS A records resolving to these addresses.
64.233.167.99,
72.14.207.99,
64.233.187.99,
74.125.19.104,
74.125.19.147,
74.125.19.103,
74.125.19.99
Anyway, it will be a long acl when I'm done, but with proper remarks it shouldn't be to confusing.
64.233.167.99,
72.14.207.99,
64.233.187.99,
74.125.19.104,
74.125.19.147,
74.125.19.103,
74.125.19.99
Anyway, it will be a long acl when I'm done, but with proper remarks it shouldn't be to confusing.
glad it works for you, going to be a long list thats for sure, you may find in time you want to look at something like ISA server to make your life a little easier
ASKER
I'm hoping to have more of a software solution through group policy or something like that. But if I don't find anything by the end of the week I'll start making my access-list's :-)