
Help me select a Hardware Firewall

mitchelt

Senior member
We have a pretty basic office setup with 25 users...no active directory or anything, just a domain login.

I would like to get a new hardware firewall that allows me to set global restrictions on which web sites cannot be accessed and also be able to do restrictions based on specific users...not sure if that is via a MAC address or IP.

For example...the shipping guys have no need to go to YouTube, but the salesmen may need to go to YouTube to see a product demo. And no one needs access to Facebook.

I'm not too much of a network geek..so please keep the conversation level low. 🙄

Thanks!

Mitch
 
mitchelt, odds are very high that the most cost-effective approach to this problem is going to be a PC running one of the free router/firewall software OS distributions. You might also be able to set it up with DD-WRT or OpenWRT on a SOHO-grade router, but at much lower convenience (harder to administer) and performance. If you've got a network of 25 PCs, odds are you can find somebody due for an upgrade and repurpose his old box as your firewall.

There are commercial "hardware firewall" devices that can do this, but they'll cost more.
 
cmetz, thanks for the info. We currently have the Sonicwall TZ170 and it works well...the only problem is it just does global restrictions. We would like to stick with a hardware solution.

Thanks!
 
Juniper SRX100. Runs about $650 for the high-memory model which is exactly what you need. Then you can license web filtering.

The problem with per-user/per-IP/per-whatever filtering is that it really requires more advanced software than you're going to find in a cheap device. You can use a proxy like Squid, but that's high maintenance, especially if you don't have a Linux administrator.
 
We have a pretty basic office setup with 25 users...no active directory or anything, just a domain login.

That doesn't make sense. Unless you've got an NT4 domain, you've got AD if you have domain accounts.

I would like to get a new hardware firewall that allows me to set global restrictions on which web sites cannot be accessed and also be able to do restrictions based on specific users...not sure if that is via a MAC address or IP.

For example...the shipping guys have no need to go to YouTube, but the salesmen may need to go to YouTube to see a product demo. And no one needs access to Facebook.

I'm not too much of a network geek..so please keep the conversation level low. 🙄

Thanks!

Mitch

Commercial solutions for this are usually priced outrageously, so your best bet really is a PC running a form of Linux with a proxy managed either by a web front end or manually. Have you looked at Untangle?
 
I'm not sure how you would accomplish that task...what I would say is just create a written policy about what people are allowed to do, and get a web monitor. Then, if there's an issue, print out the logs. Done.

When ppl know they're being actively big brothered they'll cut the sh!t. However...if you have an AD domain, use a group policy. If you don't have group policy, you can list the blocked sites in the IE options since you have a small user base.
 
Endian Community Firewall. Software is fully functional and free; only corporate support, if you want it, is a paid service. They also offer hardware, but any low-end x86 hardware can be used for the free setup. Very easy setup, supports multiple VLANs which can be your departmental segregation for web filtering.
 
Juniper SRX100. Runs about $650 for the high-memory model which is exactly what you need. Then you can license web filtering.

The problem with per-user/per-IP/per-whatever filtering is that it really requires more advanced software than you're going to find in a cheap device. You can use a proxy like Squid, but that's high maintenance, especially if you don't have a Linux administrator.

I second this. Sounds like a great fit for a smaller Juniper SRX. It is a turn-key solution out of the box with some of the best support in the industry.
 