IT Tech
asked on
Blocking Websites for Users...
I have a bit of a challenge here... my client wants to block access over the entire network to sites such as: facebook, myspace, mail.yahoo.com etc....
We have a WatchGuard 550 Core firewall in place, its fairly new as well... The Webblocker subscription was a 3 month trial that was in place by default and has expired. Now that the need has arisen to block sites i find it hard to believe that the "only" way according to Watchguard is to purchase this "Webblocker" service add on that is $670.00.
Is there any 3rd party software I can install on client machines or via group policy that would stop users from going to certain sites? Any ideas would be greatly appreciated!
Thanks
We have a WatchGuard 550 Core firewall in place, its fairly new as well... The Webblocker subscription was a 3 month trial that was in place by default and has expired. Now that the need has arisen to block sites i find it hard to believe that the "only" way according to Watchguard is to purchase this "Webblocker" service add on that is $670.00.
Is there any 3rd party software I can install on client machines or via group policy that would stop users from going to certain sites? Any ideas would be greatly appreciated!
Thanks
ASKER
That sounds great, all client machines point to the domain controller for DNS resolution. Domain controller is running Windows 2003 R2 Standard. If you could tell me how to add/mod the dns to redirect facebook.com for example that would be great! Thanks.
You can also setup a login script that copies down a hosts file with those sites listed that point to 127.0.0.1 and places the file in c:\windows\system32\driver s\etc
This will work just as effectively as the DNS way - I guess it depends on which one is easiest one to implement.
Alan
This will work just as effectively as the DNS way - I guess it depends on which one is easiest one to implement.
Alan
ASKER
I would like to just do the DNS redirects if anyone can tell me how to do that? Thanks
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Make sure you make the dns server authoritative for the zone, here is a MS article to setup DNS http://support.microsoft.com/kb/323445
One more solution you can try is blocking sites at the firewall level; for this however you would need to put the IP addresses and this is quite a job [as the mirrors keep coming up for heavily used sites and it is a challenge to keep up with them]. Also, if certain websites uses non-standard port like 8080 or HTTPS you would need to either have different service for each port/protocol pair or one consolidated service with all port/protocol [adding port/protocol in an existing service is again tedious as you would need to delete and then re-add the service].
Thank you.
Thank you.
If all your systems use a windows based DNS server, which I assume they do, you can create DNS entries for these websites so that users are directed to a website of our choosing, possibly a company intranet. If you need more assistance, make a comment :)