I am a newbie. I have a network of 20 computers that are connected to the internet. I need the users to be able to access only certain sites for the most part of the day but they should be able to go to any site doing lunch between 12:00pm and 1:00pm. And at the same time one computer should have access to the internet at all times. I am looking for a hardware/software solution preferable free and easy to install and manage.
Putting a proxy server under internet options or specifying the content the webbrowser can show will not work. Users can change the setting because they have admin access on the machine.
Could you recommend a proxy server? I am not sure will I have to change the configuration manually or will it just kick in? Can I configure it wrt to a computes IP address? I am sorry for being so naive.
Put a Fortigate 50A at your gateway, less than $800 for the box and all subscriptions.
build a lost of address objects that are the permitted sites, put them in a group called internet_permit_list build
Assign the special machine a static IP and create and address entry for it.
Create a schedule with daily recurrance from 12 to 1pm
Create 3 policies from internal to external: as follows
A) special_machine to all always permit nat B) all_internal to all 12pm-1pm-daily permit nat C) all_internet to internet_permit_list permit nat
That would do literally what you have said you want to do.
I think a better way would be to use the same policies, but on each one apply category filtering. Select the categories from the following list that are appropriate for each of the policies above, and allow C) to hit all internet again. Each policy can have it's own set of blocks and permits -- and you can *log* the ones you aren't sure of, to see what kind of activities people are doing inside those types, and then perhaps refine those based on manager feedback to those logs. Or perhaps your company things Pornography, Gambling, Racism, Hacking, Abused Drugs, and Job Search sites are good for the corporate morale as long as it's done on lunch time? Here's the category list anyway....
Potentially Liable Abused Drugs Cult or Occult Hacking Illegal or Questionable Racism or Hate Violence Objectionable or Controversial Abortion Adult Materials Advocacy Groups Alcohol and Tobacco Gambling Militancy and Extremist Nudity Pornography Tasteless Weapons Potentially Non-productive Advertisement Brokerage and Trading Freeware and Software Download Games Internet Communication Pay to Surf Web-based Email Potentially Bandwidth Consuming File Sharing and Storage Streaming Media Potentially Security Violating Malicious Web Sites Spyware General Interest Arts and Entertainment Cultural Institutions Education Financial Data and Services Gay or Lesbian or Bisexual Interest Health Job Search Medicine News and Media Personals and Dating Political Organizations Reference Materials Religion Search Engines and Portals Shopping and Auction Social Organizations Society and Lifestyles Special Events Sports Travel Vehicles Business Oriented Business and Economy Computer Security Government and Legal Organizations Information Technology Military Organizations Others Dynamic Content Miscellaneous Web Hosting
Finally, you can block peer and instant messengers using this box, which may also be of interest, and throw in Intrustion detection and mail/web antivirus too to give yourself a second line of defence against the slow updates and instability of the average desktop antivirus product.
Cabling-Design.com Forums website is not affiliated with any of the manufacturers or service providers discussed here.
All logos and trade names are the property of their respective owners.