stevenvanheerden
asked on
Blocking Facebook
hi there
i need help please.
i have to install a firewall for a company with about 50 users.
the director requires me to block certain sites like facebook, twitter etc, but just for certain users....not everyone.
now this is easy when you use pfsense with squid.
my problem is that facebook uses https now so the squid proxy doesnt pick it up.
how can i get this solved as i have tried various things all weekend.
i cant seem to get my head around this or find relevant info on the web that can assist me.
your help will be greatly appreciated
thank you
steven
i need help please.
i have to install a firewall for a company with about 50 users.
the director requires me to block certain sites like facebook, twitter etc, but just for certain users....not everyone.
now this is easy when you use pfsense with squid.
my problem is that facebook uses https now so the squid proxy doesnt pick it up.
how can i get this solved as i have tried various things all weekend.
i cant seem to get my head around this or find relevant info on the web that can assist me.
your help will be greatly appreciated
thank you
steven
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
hi Jon
thanks for the advice, but i'm the one doing the install.
so i need to know how to do this...i just though pfsense could handle it as i use it for various other applications.
i'm just not getting the https blocked for certain sites and certain users...
if you were in my position and you could not sub the job, what would you use?
regards
thanks for the advice, but i'm the one doing the install.
so i need to know how to do this...i just though pfsense could handle it as i use it for various other applications.
i'm just not getting the https blocked for certain sites and certain users...
if you were in my position and you could not sub the job, what would you use?
regards
ASKER
oh, and i need opensource please...i have to convert a server that we replaced recently to act as the firewall proxy...
Watchguard. One thing that most people will say about Watchguard is that the user interface (not the web based one) is the best. It is the most intuitive and well organized. Thats one of the things that I like best. I can generally train a (competent) customer in a matter of a couple hours. Understanding some of the terminology and how they all interact in the other brands can be a bit confusing. They are good but take some getting used to. Watchguard has a good clean top down approach that is pretty easy to understand and get used to.
Oh, and I know that it will do what you need in a number of different ways. You do need to make sure (with any of them) that you get the full UTM bundle. You need webblocker and application control to do what you need to do.
..... I was typing this as you put your last entry in. If you are strictly looking for opensource, none of these suggestions will help. Sorry.
Oh, and I know that it will do what you need in a number of different ways. You do need to make sure (with any of them) that you get the full UTM bundle. You need webblocker and application control to do what you need to do.
..... I was typing this as you put your last entry in. If you are strictly looking for opensource, none of these suggestions will help. Sorry.
Facebook is pissing a lot of IT people off lately with this crap. They knew it would make it difficult and went out of their way to do so.
You may be able to create a port rule, but you'd need the IP addresses for the ssl sites.
You may be able to create a port rule, but you'd need the IP addresses for the ssl sites.
Yep, that's the problem, but the next problem is those IPS change and move based on load balancers, etc.
Do you want opensource to have opensource? Or do you want opensource because you have new hardware and you need to utilize it? If sp, throw ESXi on the server and then load the watchguard virtual appliance version of their firewall. I think that they are the only one in my list that has that option.
Do you want opensource to have opensource? Or do you want opensource because you have new hardware and you need to utilize it? If sp, throw ESXi on the server and then load the watchguard virtual appliance version of their firewall. I think that they are the only one in my list that has that option.
you can use DNS redirection for those users, and hope your users are not tech savvy
"Zabo1 : you can use DNS redirection for those users, and hope your users are not tech savvy"
When I was requested to block certain users on a budget of zero I created a share to the windows\system32\drivers\e
The best thing though would be to have a local webserver setup that the host file pointed to and have a "site blocked notice", even better would be to have the attempts to access logged.
When I was requested to block certain users on a budget of zero I created a share to the windows\system32\drivers\e
The best thing though would be to have a local webserver setup that the host file pointed to and have a "site blocked notice", even better would be to have the attempts to access logged.
ASKER
Thanks for all the input guys.
Paul/Zabo - thanks for the nifty trick, but it wont be practical in my situation.
so far the watchguard sound like the only sound solution or perhaps the commercial version of sonicwall.
is there anyone out there that has achieved this with PFSense?
its such a versatile product that i cant believe this cant be done...
any further ideas?
Paul/Zabo - thanks for the nifty trick, but it wont be practical in my situation.
so far the watchguard sound like the only sound solution or perhaps the commercial version of sonicwall.
is there anyone out there that has achieved this with PFSense?
its such a versatile product that i cant believe this cant be done...
any further ideas?
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Thanks a lot for the input guys - its greatly appreciated!
Jon