![]() ![]() ![]() ![]() What I found after putting on the certificate and turning onĭPI-SSL is that it would not allow access to any https sites and no way to Our SonicWall NSA 3600 for example is no longer allowed by certificate authorities to filter encrypted web pages. Google requires encrypted search results and others are moving that way, as is the entire web. While the user may not access the site, the media will still be available. Open DNS and Barracuda or SonicWall stop access to sites, but Google encrypts all searches and users can turn off safesearch in browsers, which means results will be visible ( media, photos and videos). We have seen the end to good web filtering solutions. This is do-able with other filtering solutions, although I think you'll find as I did, they are much more expensive. if you needed different "groups" to have different filtering restrictions (like B) then you'd need to be be running multiple DNS Redirector servers. One server will support 3 levels of filtering.Ī) No-Internet at all, or access to just a white-list of sitesī) Internet access with restrictions based on your black-list of sites or those disallowed by category (porn, malware, proxies, etc.) Since I use DNS Redirector the most I can only speak to that product, it doesn't care how many "users" there are, it only cares/tracks how many IP devices on the network are using it. How you put "users" into those groups (are you really putting in the device IP/MAC or are you really putting in a user account/login) varies by product. "maintenance department" and you could apply a different filtering policy to each. Some filtering solutions will allow you to create "groups" for example "students" vs. I don't know of anything that can tell which "user" is on a Mac laptop, and iPad/iPod is always 1-user (just the device itself) You need to understand how any particular filtering solution recognizes a "user"įor example, some filtering solutions think a user is device (meaning 1 IP address) and other solutions think a user is a Windows active directory account. ![]() So even if the device is not set to use a filtering policy imposed by the 8e6 box, the device is still filtered or maybe just NXDomain hijacked by OpenDNS. It is possible that your internal DNS servers forward to OpenDNS (or even the OpenDNS IPs are set on client computers directly). Can they be used across a network that is a loose collection of separate domains, meaning that all of the domains go to a master domain to be filtered, such as a bunch of county offices scattered around that go through a main office?Īlso, among the ones that offer filtering by user, can they also use filtering through MAC address, such as for iPods, iPads, and any other device that does not actually have a user and would still need filtering? IP address filtering is a pain because it requires reservations on the DHCP if you don't want the filtering on the device to be jumping around because the DHCP gives it a different address or that device switches to a subdomain that is governed by a different DHCP with a different set of IP addresses.Ĩe6 R3000 is an appliance, as far as I know. The devices that filter by user instead of IP address look to be the most promising. I've looked at the options and they seem to be decent. It sounds like we have OpenDNS because I do get some pages with that that come up when I type in a faulty web address on a machine that is bypassing most of the filter. ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |