Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Replacing microsoft TMG with proxy server to block internet for VLAN


  • Please log in to reply
4 replies to this topic

#1 jorgeb1024

jorgeb1024

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:12:23 AM

Posted 15 June 2018 - 11:11 AM

I have 6 VLANS in my network.  i have a small VLAN with 15 computers, i need to block those users from the internet, i currently do this with TMG from microsoft which is old and no longer supported.  i am looking for a new open source solution.  what is the most recommended way to accomplish this?  this specific vlan needs network access (they have 3 servers they need to connect to) but basically just need to be blocked from the internet.  only one of the users should be allowed, this is the manager.  Thanks in advance.  I was looking into ipfire.  some of the solutions from barracuda might be too much for this small task.


Edited by jorgeb1024, 15 June 2018 - 11:15 AM.


BC AdBot (Login to Remove)

 


#2 Sneakycyber

Sneakycyber

    Network Engineer


  • BC Advisor
  • 6,111 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Ohio
  • Local time:03:23 AM

Posted 15 June 2018 - 01:28 PM

Turn off internet explorer. You can do this in the control panel under "Programs and Features", Select Turn Windows features on or Off on the left hand menu. Standard users wont be able to turn Internet explorer back on, however the manager (with administrative rights) can.


Chad Mockensturm 

Systems and Network Engineer

Certified CompTia Network +, A +


#3 jorgeb1024

jorgeb1024
  • Topic Starter

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:12:23 AM

Posted 15 June 2018 - 01:44 PM

Thanks sneakcyber, is there any solution where i can point them to a different gateway, which dissalows internet access? as opposed to turning off IE ?



#4 Sneakycyber

Sneakycyber

    Network Engineer


  • BC Advisor
  • 6,111 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Ohio
  • Local time:03:23 AM

Posted 15 June 2018 - 01:49 PM

Set the DNS address of the computer to 127.0.0.1. It will not resolve any websites (or hostnames).


Chad Mockensturm 

Systems and Network Engineer

Certified CompTia Network +, A +


#5 toofarnorth

toofarnorth

  • Members
  • 379 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:09:23 AM

Posted 17 June 2018 - 02:00 PM

Your best bet is to make sure the gateway doesnt allow them out on the internet.

So, a firewall with user authentication should do what you are looking for.

If you want to go free, pfSense will do almost anything your heart desires.

Or you could buy a hardware device from companies like eg: Fortinet, CheckPoint, Sophos and others
I know Sophos can provide them as virtual machines too.

I run their "free for home" useage version in my home testlab :)

Hth!

tfn
 






0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users