Categories

JavaScriptPHPHTMLCssPythonWordPressWeb developmentLinuxMySQLAndroidWindowsJavaC++ / C#LayoutReactUbuntuYiiDjangoProgramming1C-BitrixLaravelSystem administrationTelegramJSONDebianPostgreSQLIOSGoogleHtaccessWindows ServerGitMacOSGoogle ChromeCMSWooСommerceBootstrapNginxSQLUnityAPI
Make a leaderReport
F
F
Fedrrr2020-02-09 01:52:53
System administration
Fedrrr, 2020-02-09 01:52:53

How to centrally control Internet access for an average organization?

Colleagues, please advise a tool for organizing Internet access filtering for an employee. Shared Active Directory domain, infrastructure based on MS solutions, about 400 users distributed across 3 sites. Each site has its own Internet access. Bought KAV in standard edition. Mikrotik is used as gateways with network aggregation.
Now on one site access is filtered by Squid with transparent authorization via Kerberos and NTLM, on another site access is filtered through the Web Filtering KAV component, on the third point access is not controlled by anything.
The main criteria, in order of importance:

  1. Ease of deployment
  2. Transparent authorization in AD
  3. To not cost like a helicopter
  4. Automatically updated block lists


I am looking for a solution to restrict Internet access, share your experience, who uses what.

Reply
Answer the question

Answer the question

In order to leave comments, you need to log in

4 answer(s)
Report
X
xmoonlight, 2020-02-09
@xmoonlight

pfsense ( manual for setting up authorization in AD)

Report
S
Stanislav Tsoy, 2020-02-09
@S_Tsoy

Kerio control ( https://www.gfi.com/products-and-solutions/network...

Report
C
CityCat4, 2020-02-09
@CityCat4

In the office in which I worked in the 14th year - very robust, very rich and having a network of branches "from Moscow to the outskirts" access to the tyrnet was built quite simply - everyone went through a single Moscow proxy (squid essno), where block lists and authorization in the domain and access by groups were configured. There was no bumping, because in those days it was not particularly relevant.
It will be really amazing for you how - because now everyone has been issued certificates to anyone, and it's easy to cheat the employer in this way - for example, you go to mail.ru and inside the connection (which is opaque for squid) switched to video.mail.ru, love.mail. ru etc.
You don't have a lot of options - except for Kerio, about which I won't say anything, except that I know what squid is - there's nothing special ...

Report
K
Kelv13, 2020-02-10
@Kelv13

If you stop at Kerio - test and chat with technical support before buying)

Similar questions
L
LakeForest2022-01-17 14:02:30
How to write a class decorator to check that a class field has been initialized? 2Reply
N
Nikolai2018-12-17 14:00:33
How to enable zoom on selection in Figma? 7Reply
V
Vi2016-02-19 15:18:05
SSH without password to 10000 servers? 6Reply
R
Rofler6662018-07-08 20:18:43
Why doesn't hdmi transmit 144 hertz even in hd? 1Reply
A
Alexey Vladimirenko2016-02-22 15:23:34
How to control several Mikrotiks at the same time? 6Reply

Didn't find what you were looking for?

Ask your question

Ask a Question

731 491 924 answers to any question