How do I block internet at work?

Z

zaber

Active Member
Joined
Jun 7, 2009
Messages
89
Reaction score
0
We have an incoming satellite internet signal, followed by a CISCO (Model BEFSR41 4 Port Switch) router. Hereafter the signal is fed to 19 computers on site via a local network. We do not have a server and there is no pc between the router and the network.

I only want to allow 4 senior persons to have full internet access, the rest of the guys most only be able to access their Gmail accounts in order to send and receive e-mails, nothing else.

I have asked around, but can't find a solution. Some guys say if I block Google then Gmail will also be blocked seeing that they are linked somehow.

Any thoughts/ideas on how to solve this problem please, seeing that my knowledge is extremely limited on this subject?
 
get a routerboard and do the blocking on there.
 
I use a combination of rules on the router that allows on a certain range of IPs out onto the internet. The IPs outside of this range have access but http is blocked. We also use Google Apps and I have configured in the Google Apps Admin Dashboard that only https access to mail is allowed, ie only https://mail.google.com/a/xxxxxx and not http://mail.google.com/a/xxxxxx
If you are not using Google Apps then I think that there is a setting within your users Gmail settings that allows https access which they just need to enable or send them a link to https://www.gmail.com
I also use OpenDNS to restrict access but OpenDNS is not a blocking tool.
Our router is a simple Linksys device.
Hope this helps
 
Probably possible with difficulty. Unfortunately I'm only doing my cisco training in a few weeks.

If the router has the capability, maybe create an ACL to block all (except the people/ip's needed), and another to allow the others to the google subnets on pop/smtp ports. (rule order will probably be something like allow full for X, allow mail for Y, deny all)
Easiest would most likely be to put a small/old machine (old p3/p4?) between them and the router/satellite with a transparent proxy & router.
 
repitah said:
Probably possible with difficulty. Unfortunately I'm only doing my cisco training in a few weeks.

If the router has the capability, maybe create an ACL to block all (except the people/ip's needed), and another to allow the others to the google subnets on pop/smtp ports. (rule order will probably be something like allow full for X, allow mail for Y, deny all)
Easiest would most likely be to put a small/old machine (old p3/p4?) between them and the router/satellite with a transparent proxy & router.
Click to expand...


This is a Linksys device so it doesnt run IOS .... good thing youre going on that course hey.. :-D
 
Is this a Cisco router or a Linksys router provided by Cisco ? There's a huge difference. I ran the model number and it comes up with Linksys.

If its Linksys, setup the Mac address filtering in the Security tab.

If you want to allow those people to also have Gmail access, that might be a problem because the mac filter will block mostly everything.

You would most likely need some sort of firewall/content filter device/application to meet your needs, as said above.

If this is an actual Cisco device, then it gets a lot more complicated.
 
zaber said:
We have an incoming satellite internet signal, followed by a CISCO (Model BEFSR41 4 Port Switch) router. Hereafter the signal is fed to 19 computers on site via a local network. We do not have a server and there is no pc between the router and the network.

I only want to allow 4 senior persons to have full internet access, the rest of the guys most only be able to access their Gmail accounts in order to send and receive e-mails, nothing else.

I have asked around, but can't find a solution. Some guys say if I block Google then Gmail will also be blocked seeing that they are linked somehow.

Any thoughts/ideas on how to solve this problem please, seeing that my knowledge is extremely limited on this subject?
Click to expand...

there are tons and tons of solutions....what is ur budget? Are the machines the drones using belonging to you or their own? How are ip's allocated?
You have options like:
paid for filtering service (something like websense express would work very well)
free firewall distribution with filtering plug in ( as advised by others)
Dns blocking
Client side AV Application control rules ( IE lock AV settings and use Application control to disallow browsers, then allow outlook to be configured to connect to gmail?)
Some routers/modems allow url blocking out of the box
et etc etc
 
Cube3 said:
Is this a Cisco router or a Linksys router provided by Cisco ? There's a huge difference. I ran the model number and it comes up with Linksys.

If its Linksys, setup the Mac address filtering in the Security tab.

If you want to allow those people to also have Gmail access, that might be a problem because the mac filter will block mostly everything.

You would most likely need some sort of firewall/content filter device/application to meet your needs, as said above.

If this is an actual Cisco device, then it gets a lot more complicated.
Click to expand...

I wanted to post some pics of the router,but see that I am not allowed. Well, on the front is shows CISCO and on top it also shows LINKSYS.
 
Cool its Linksys, but it's not going to sort out the issue of blocking people and giving them Gmail specific access.....

It might be worth while getting a router that supports a content filter which will allow you to configure websites permitted etc.

Alternatively get an opensource box..... PFsense provides you with lots of functionality and its free to download.... relatively easy to install and configure.
 
Proxy/firewall. use an old pc and one of the many free ones out there.
 
tau1z said:
I would rather be burnt alive
Click to expand...

Ja, rather leave the MS stuff for the pro's

We just threw out 2 fortigate firewalls after 1 week, useless compared to ISA..., better that ISA 2006, but does not come close to TMG
 
dude why not get an IT guy to do it for you ?

I would charge R150 Site evaluation and then R300 to do the whole implementation.
 
You must log in or register to reply here.
Back
Top
Sign up to the MyBroadband newsletter
X