
Need to provide Internet blocking based on AD users and Load balancing. What to use?

starriol

Member
At my company we want to give certain people (users in our Windows 2003 Active Directory) limited access to the Internet. That is, block all ports except 80 (web) and only provide access to a list of approved sites, while other users should have unrestricted access.

Also, since the company has grown very dependent on the Internet, we need to have 2 ISPs in case one fails, which has been happening a lot recently.

We have 2 servers right now, one which is a Core 2 Duo with 2 GB of RAM that we use as a file server & application server for an accounting software.

The other server (Pentium 4, 3 GHz with 512 of RAM) we use as a mail server with mail daemon. It works perfectly well in that function.

What I was thinking about doing is to move the MDaemon server to the Core 2 Duo with 2 GB of RAM, since it should be more than enough to handle all the services, and use the "slow" Pentium 4 (upgrading it to 1 GB of RAM) as router, DHCP server, firewall and load balancing server with ISA Server 2006 under Windows 2003.

Does ISA Server have the capability to establish rules of Internet access based on users? Can a machine like this handle the load balancing in both software and hardware?
We don't have too much traffic and currently we have a Linksys BEFSR41 ver. 3 which works OK with just one ISP.

Do you guys think this will work out? I can't buy a great Cisco router since they are too expensive for our company and I don't trust Linksys/D-Link routers for this kind of operation....

Thanks for your ideas.
 
Some guy at another forum told me that ISA doesn't allow more than one default gateway, so I couldn't do load balancing... but Windows 2003 has a tool in administrative tools at the control panel to handle load balancing... is it possible to do it with ISA + that tool? Is it simple?

If that's not possible, what about installing pfSense as a VMware OS and using its virtual IP as the default gateway for ISA Server?

That way, users connect to the ISA proxy/firewall, I block all I don't want out (does ISA allow URL blocking or what I want, some users entering to just some allowed URLs) and then ISA Server routes to the pfSense which routes to one of the two ISPs?

That's complicated, just the way I LOVE things 😀

But it can work, right?
 
I think you need 2 things here... a load balancer, and a firewall that will integrate with AD. ISA fits the bill for the second one, the first is more complicated... there are SOHO dual WAN routers, but I don't trust them. If you are 'BSD or 'Nix capable, I'm sure either one could do the dual WAN load balancing act.
 
I just checked the pfSense FAQs and it said that it DOES support multiple WANs, but no failover.

Does it mean that if a connection goes down, the pfSense router doesn't notice and loses packets? Anyone had this scenario happening? Will it just make the network a little more saturated in case of a link going down or does it cause major problems?
 