Content filtering with granular settings
-
What's the problem? Just put the workstation groups on different vlans and route their traffic differently. Block either in firewall, http proxy or dns.
-
You could try cisco umbrella (previously opendns) https://umbrella.cisco.com/products/packages or mimecast web security https://www.mimecast.com/products/web-security/
I've previously used untangle and clearos for these as well
-
Nxfilter is a decent and inexpensive option. You can be granular by IP address or by username. All filtering is done using dns.
-
@Pete-S said in Content filtering with granular settings:
What's the problem? Just put the workstation groups on different vlans and route their traffic differently. Block either in firewall, http proxy or dns.
Exactly what I am thinking even if it is Squid. @CCWTech what firewall do you have?
-
pfSense with squid and squidguard packages worked well when I last used it.
-
The only reason to do something like this is it these are public computers. If these are users in an office setting then the problem is management needs to discipline employees.
-
@JaredBusch said in Content filtering with granular settings:
The only reason to do something like this is it these are public computers. If these are users in an office setting then the problem is management needs to discipline employees.
I agree. I think they are going to end up with something like PiHole when they hear the cost of doing what they actually want to do.
-
@dbeato said in Content filtering with granular settings:
@Pete-S said in Content filtering with granular settings:
What's the problem? Just put the workstation groups on different vlans and route their traffic differently. Block either in firewall, http proxy or dns.
Exactly what I am thinking even if it is Squid. @CCWTech what firewall do you have?
Unifi USG
-
@CCWTech said in Content filtering with granular settings:
@dbeato said in Content filtering with granular settings:
@Pete-S said in Content filtering with granular settings:
What's the problem? Just put the workstation groups on different vlans and route their traffic differently. Block either in firewall, http proxy or dns.
Exactly what I am thinking even if it is Squid. @CCWTech what firewall do you have?
Unifi USG
Gotcha, that does not do content filtering.
-
I think the Watchguard firewalls can do this, you can create policies per user or per computer with very granular content filtering (even for https connections)
-
@davide-bonavita said in Content filtering with granular settings:
I think the Watchguard firewalls can do this, you can create policies per user or per computer with very granular content filtering (even for https connections)
Watchguard purchased Strongarm.io (a competitor to Cisco Umbrella) to get this functionality.
-
@davide-bonavita said in Content filtering with granular settings:
I think the Watchguard firewalls can do this, you can create policies per user or per computer with very granular content filtering (even for https connections)
They do, but content filtering requires an additional yearly subscription to use it.
-
Even the Sophos XG Firewall do the content filtering decently well, not sure if they want to go that route but I am not a salesman.
-
@dbeato said in Content filtering with granular settings:
Even the Sophos XG Firewall do the content filtering decently well, not sure if they want to go that route but I am not a salesman.
I can't stand Sophos firewalls.... guess what they use at work.
No prizes.
-
@travisdh1 said in Content filtering with granular settings:
@dbeato said in Content filtering with granular settings:
Even the Sophos XG Firewall do the content filtering decently well, not sure if they want to go that route but I am not a salesman.
I can't stand Sophos firewalls.... guess what they use at work.
No prizes.
Yeeez, what can't you stand about them?
-
DNSFilter with Roaming Client deployment would work. It is one of their use cases: https://www.dnsfilter.com/blog/everything-you-need-to-know-about-roaming-clients/
-
@RojoLoco actually they require a subscription even to switch them on
-
@dbeato said in Content filtering with granular settings:
@travisdh1 said in Content filtering with granular settings:
@dbeato said in Content filtering with granular settings:
Even the Sophos XG Firewall do the content filtering decently well, not sure if they want to go that route but I am not a salesman.
I can't stand Sophos firewalls.... guess what they use at work.
No prizes.
Yeeez, what can't you stand about them?
The subscription, and the over-complication of settings by making everything objects instead of ip addresses and ports. Takes 5x to long finding what current settings are, let alone change something.
-
As far as Sophos goes.... my opinion is that the SG is a lot easier to navigate and set up than the XG. That being said - they both work well. You can download the XG software and try it out for free with full functionality.
-
DNSfilter.com, agent install.
