I have been up and down this forum and Google search looking for answers to the questions posed in the thread title. There are many half-pointers and comments such as "you should be able to do via profiles", but never a concrete solution. I'm half-way through 600+ pages of the admin guide. Let me please present the situation I'm trying to manage.
Difficulty
It seems that UTM works well and has lots of flexibility in the "enterprise domain", that is, if you are running Active Directory (AD). Every person logs in somewhere, and UTM can sync with AD and then have profiles based on "user". However, in a small business or home environment, where there is no AD, networks tend to work on DHCP without logins. In this environment, we need profiles based on MAC lists, to represent known users or hardware, and unknown users, e.g. when WLAN is offered to guests at the home/office.
My Situation - and I bet very common with other "home" and SB users
i) UTM 9.2 (just upgraded to this because everyone says webfiltering is improved in 9.2)
ii) Home License, home usage situation
iii) Running webserver protection on a home-access server and our telephone pbx (yes, we have a simple telephone PBX to link our phone line with the summer house to make internal calls and pick up the home phone when we are away)
iv) Young children that need both web filtering for sites, and web management for limiting the time they can use the internet
v) Guests, who I am happy to provide a limited internet access to, but it needs to be automatic after offering them the WLAN password, without me having to go to the Webadmin and set them up.
How would I solve this with a typical firewall/router product?
A./ Set up MAC lists, of the PCs that can access all services all the time. Define rules
B./ Set up MAC lists, of the PCs/iPads that are the kids and require time and site controls. Define rules
C./ Unknown MACs get a "visitor" default profile. Define QoS/bandwidth rules
What do I want to achieve on my new UTM?
1./ Known fixed PCs defined by MAC address, get anywhere, anytime access. Some PCs are fixed IP, e.g. webserver, some are DHCP e.g. laptops, ipads, iphones etc. I would like to avoid logins. This does not work nicely - in terms of simplicity - with WLAN, or for hardware like printers, servers, telephone PBX, etc.
2./ A list of known MACs (ie. children) will have webfiltering all the time, plus an additional set of exclusion/inclusion filters based on a time profile
3./ Unknown MACs (visitors) have webfiltering plus also a bandwidth profile, so they don't leech the whole connection.
+++++++++++++++++++++++++
Research
I have read many times that MAC lists are possible, and I am able to set up MAC definitions in the WebAdmin, but often what I read is that MAC profiles are not possible for webfiltering; it has to be done by setting fixed IPs. This is a PITA since I really want to run DHCP and not worry about changing my gateway address, visitors' IPs etc. Now are these comments about not being able to do it "old" ie UTM
http://(?:www\.)?youtu(?:be\.com/wat...(\w*)(&(amp;)?[\w\?=]*)? that catch just about every youtube derivative. But could someone be so kind as to give me a beginners walkthrough about how to get this working on a time profile on UTM 9.2? Answers like "it should be possible using profiles" don't, unfortunately, help :(
In the summer house I'd like to install UTM and have a sign that says "Network X, login password Y" so visitors can do what they need to do, and I have to administer it no further. Their unknown MAC addresses will offer them DHCP based IP and gateway, they will get internet access according to the visitor profile, and THERE WILL BE NO FURTHER INTERVENTION from me, ie setting up fixed IP nonsense.
I would very much appreciate explanation by example. Let's choose youtube as the site to block except 6pm-9pm, and wikipedia as a site to have open all the time. And the visitors get 512Kbit max. Enough for email and browsing, but not youtube, videos, or blocking bandwidth needed for the webcams, telephone, and MY downloads ;).
THANK YOU for reading this far, and thank you for any detailed walkthroughs :)
Since this is such a common issue, I will retain and update POST#2 with the best solutions.