Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 5 replies
  • Subscribers 2 subscribers
  • Views 1562 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

How to restrict some computers

aly_01
Hello,
Here in our network some computers should be configured such a way that they are allowed to visit only some web sites.Other web sites are to be restricted. 
We use proxy server and firewall. If I do not include the computers name in proxy settings, then  that computer has no access to internet  at all. If I include it, then it accesses whole the web. In filtering rules I entered a rule which allows the computer to access only http/https/dns protocols and only to a list of wbe sites . Those web sites I defined in Network groups definition. This also does not work.
 How can I resolve this? thanks. 


This thread was automatically locked due to age.
  • 0
    please read the manual(s) and the online help.
    Here are some buzzwords:
    • packetfilter 
    • surfprotection
    • black/whitelists
    • transparent HTTP proxy
    [/list]

    good luck  
  • 0 in reply to Vukasin
    Thank you Padre for reply,
    I have Disabled HTTP Proxy server and added filter rules. 
    My question now is,I have to restrict Comp1(192.168.0.20) and allow only Allowd_Protocols (HTTP/HTTPS/DNS protcols) to Allowed_Sites.
    In my filter rules I set:
    From: Comp1
    To: Allowed_Sites
    Service:Allowed_Protocols
    Action:Allow

    From: Allowed_Sites
    To: Comp1
    Service:Allowed_Protocols
    Action:Allow

    From: Any
    To: Intranet (local net, 192.168.0.*)
    Service:Any
    Action[:D]rop

    After setting this rules it seems to work. Question is, is it safe enough not to use HTTP Proxy server?
    Thanks.  
  • 0 in reply to aly_01
    You should allways have a "drop all" rule at the end of your ruleset. The normal policy would be drop everything unless I say otherwise [;)].
    Rule Allowed_Sites->Comp1 should not be needed as the contracking should let these packet trough anyway.

    Generaly, this should be enough:
    Code:
    Src: Comp1

    Dest: Allowed_Sites

    Service: Allowed_Protocols

    Action: Allow

    

    Src: Any

    Dest: Any

    Action: Drop
       
  • 0 in reply to Vukasin
    Thank you Padre,
    Now things seem to work ok. 
  • 0 in reply to aly_01
    You are very wellcome my child [;)]