Coffinated
asked on
Control Internet access per user not IP
Hi,
Can someone recommend a good way to filter internet access for a small business? Right now we're using Untangle web filter (free), it does a good job but it works per IP address not per user.
I want to be able to block ftp/smtp on all computers (can also be done at the FW level), some users will have access only to certain web sites, others will have no access at all. Mgmt employees will have full internet access, all internet access must be logged and reported.
This is Windows 2008/2003 server environment with WIn XP pro as workstations. I'd prefer centralized solution free would be best.
Thank you
Can someone recommend a good way to filter internet access for a small business? Right now we're using Untangle web filter (free), it does a good job but it works per IP address not per user.
I want to be able to block ftp/smtp on all computers (can also be done at the FW level), some users will have access only to certain web sites, others will have no access at all. Mgmt employees will have full internet access, all internet access must be logged and reported.
This is Windows 2008/2003 server environment with WIn XP pro as workstations. I'd prefer centralized solution free would be best.
Thank you
Use IPCop as your firewall with URL filter and Advance proxy add-ons loaded.
ASKER
I can't replace firewall, we have ASA 5505 with VPN set up.
ASKER
can it be used in bridge mode?
From Cisco - check out https://supportforums.cisco.com/message/3023268
This will tell you how to filter url's using the ASA 5505.
Expanding on the logic I would use role based groups (i.e.group membership in AD) to apply filters as well.
This will tell you how to filter url's using the ASA 5505.
Expanding on the logic I would use role based groups (i.e.group membership in AD) to apply filters as well.
While you can't replace your existing firewall, could you not add a second firewall?
I believe a Watchguard can do what you need using AD integration.
I believe a Watchguard can do what you need using AD integration.
ASKER
b_haynes:
I considered cisco, but it does per ip/host filtering, I need per user (LDAP) filtering.
skykingjwc:
Yes I could do it, however there must be an easier way to filter web access by username.
I considered cisco, but it does per ip/host filtering, I need per user (LDAP) filtering.
skykingjwc:
Yes I could do it, however there must be an easier way to filter web access by username.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
or of course linux+samba, if you have a linux box. or if you really want to push the envelope, OES2 and DSfW :)