Networking dilemma...

NathanBWF

Golden Member
May 29, 2003
So the night shift crew at our remote site is abusing their internet rights (i.e. pRon). We'd like to be able to kill the internet connection say after 6pm. Unfortunately we have a VPN connection over the internet which we need to keep alive so that they can still access our UNIX server here in my city and continue to work. There is a Cisco 506 PIX firewall here and one there that links the VPN together.

I don't think this is possible, but is there a way to say kill www traffic after 6pm via the remote location's PIX somehow?

Or is there any other way I can get this done?

I've also thought about installing Net Nanny or something along those lines on the remote location's PCs but don't really want to go that route if I don't have to...
 

whalen

Golden Member
Dec 5, 2000
I'm not sure if the PIX supports any sort of policy firewall rules that allow for specific rules to be active at certain times of day...it probably does but I'm not sure of the syntax off the bat. Basically all you need is a deny rule that is active after 6:00pm until 6:00am or so that drops all traffic destined for 0.0.0.0/0 :80. You could also drop all traffic except for traffic going toward the other VPN site.

I don't think this is the answer though, as I'm sure the workers need to have access to websites to do research in solving issues, etc. Why not just sit down and have a talk with them, and let them know it's against company policy and if they continue to do it, they could face termination, etc.
 

whalen

Golden Member
Dec 5, 2000
Do a Google search for time-based ACLs:

"Time-based access control lists provide administrators greater control over resource usage by defining when certain ACL entries are active."
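
The rule described in this thread, written as a time-based ACL in Cisco IOS router syntax. This is an added example, not part of any post above; whether the PIX 506 accepts the same commands is not confirmed by the thread, and the subnets, ACL name and interface name are constructed placeholders.

```cisco
! Added example: Cisco IOS (router) syntax, not taken from the thread.
! Constructed addressing: 10.1.1.0/24 = remote-site LAN,
!                         10.0.0.0/24 = main-site LAN reached over the VPN.

time-range AFTER-HOURS
 ! 18:00 to 06:00 written as two entries so neither one spans midnight
 periodic daily 18:00 to 23:59
 periodic daily 0:00 to 6:00
!
ip access-list extended NIGHT-WEB-BLOCK
 ! First match wins: traffic to the main site is always permitted,
 ! so the UNIX server stays reachable at night.
 permit ip 10.1.1.0 0.0.0.255 10.0.0.0 0.0.0.255
 ! Port 80 to any other destination is dropped only while the range is active.
 deny tcp 10.1.1.0 0.0.0.255 any eq www time-range AFTER-HOURS
 ! Outside the time range the deny entry is inactive and this entry applies.
 permit ip any any
!
interface FastEthernet0/0
 description Remote-site LAN (constructed interface name)
 ip access-group NIGHT-WEB-BLOCK in
```

The range follows the device's own clock, so confirm it with `show clock` and check whether the range is currently active with `show time-range`.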