?
Solved

Need category based web filtering solution

Posted on 2014-09-20
10
Medium Priority
?
296 Views
Last Modified: 2014-09-21
I need category based web filtering.
Which box or solution I must use.

This way I am managing currently:
I have a CISCO RVS4000 router with a static IP & Small Business server 2011.
I configured my DNS to forward all the request to opendns.com i.e 208.67.222.222
Using opendns I chose the category I wish to block.

All is going well if need to block sites uniformly.


The twist is to disable web filtering to few users.
Changing DNS to ISP DNS does not work as the desktop could not able to resolve local servers IP with ISP DNS.

What do I need to do selectively enable web filtering?

Do I need any UTM?

If yes, which is best suitable for 30 users in minimum pricing?



http://www.sonicwall.com/us/en/products/Network_Security_Content_Filtering_Categories.html
http://www.websense.com/content/support/library/web/v75/triton_web_help/new_cat_prot.aspx#596182
http://www.cisco.com/c/en/us/td/docs/security/web_security/scancenter/sc5126/CategoriesAP.pdf
http://www.fortiguard.com/static/webfiltering.html
https://www.barracuda.com/products/webfilter/features#section_6
0
Comment
Question by:Akash Bansal
  • 5
  • 5
10 Comments
 
LVL 47

Accepted Solution

by:
Craig Beck earned 2000 total points
ID: 40334538
You could use separate internal DNS servers for your clients.  One would forward to OpenDNS, the other to your ISP.  Choose which users use each DNS server by setting manually on each PC, or via login script.
0
 
LVL 2

Author Comment

by:Akash Bansal
ID: 40334655
Nice idea
There is only one physical server; can i install dns in the same server.  Can i install wins?
How to auto sync two dns servers?

Any utility which can be installed in the same sbs box and can sync with existing dns server and act as dns server?
0
 
LVL 47

Assisted Solution

by:Craig Beck
Craig Beck earned 2000 total points
ID: 40334720
WINS is no good for internet queries.

You 'could' install a 3rd-party DNS server and bind it to a second IP on the SBS but unless you're 100% sure your setup is perfect I'd not recommend it as you'd need to configure conditional forwarding, etc.
0
KuppingerCole Reviews AlgoSec in Executive Report

Leading analyst firm, KuppingerCole reviews AlgoSec's Security Policy Management Solution, and the security challenges faced by companies today in their Executive View report.

 
LVL 2

Author Comment

by:Akash Bansal
ID: 40334726
Thanks 😊
Cld u recommend any gud thirdparty dns
0
 
LVL 47

Expert Comment

by:Craig Beck
ID: 40335139
PowerDNS may do what you need...

https://www.powerdns.com/index.html
0
 
LVL 2

Author Comment

by:Akash Bansal
ID: 40335384
Managed to setup additional DNS server on the second IP address using
http://dhcp-dns-server.sourceforge.net/

The client computer is getting correct IP of all the hosts .


Except:

_kerberos._tcp.Default-First-Site-Name._sites.dc._msdcs.myname.local
_ldap._tcp.myname.local
_ldap._tcp.Default-First-Site-Name._sites.myname.local

 is not found, thats why having issue while connecting the AD & Exchange.

getting error in DNS log files that this does not found in forwarding server.



I guess this must not be forwarded to the forwarding server but must resolved locally.

Please guide.
0
 
LVL 47

Assisted Solution

by:Craig Beck
Craig Beck earned 2000 total points
ID: 40335466
If you conditionally forward requests for myname.local they should be forwarded to the other IP on the SBS box.
0
 
LVL 2

Author Comment

by:Akash Bansal
ID: 40335527
Great!
Its done n over.

Thanks Craigbeck! :)

You did a great help to me.
0
 
LVL 2

Author Closing Comment

by:Akash Bansal
ID: 40335532
Great approach.
you thinks out of the box.
Really a Guru.
0
 
LVL 47

Expert Comment

by:Craig Beck
ID: 40335602
My pleasure - glad to help :-)
0

Featured Post

The eGuide to Automating Firewall Change Control

Today’s IT environment is constantly changing, which affects security policies and firewall rules. Discover tips to help you embrace this change through process improvement & identify areas where automation & actionable intelligence can enhance both security and business agility.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Trying to figure out group policy inheritance and which settings apply where can be a chore.  Here's a very simple summary I've written which might help.  Keep in mind, this is just a high-level conceptual overview where I try to avoid getting bogge…
A 2007 NCSA Cyber Security survey revealed that a mere 4% of the population has a full understanding of firewalls. As business owner, you should be part of that 4% that has a full understanding.
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
Michael from AdRem Software explains how to view the most utilized and worst performing nodes in your network, by accessing the Top Charts view in NetCrunch network monitor (https://www.adremsoft.com/). Top Charts is a view in which you can set seve…

593 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question