How to provide "internet provisioning function transfer from the router"?

P

proxyR2020-06-19 08:42:45

Computer networks

proxyR, 2020-06-19 08:42:45

Hello.
I admit, I'm not so well versed in networks yet, and yet, I hope you can tell me.

1. There is a functioning router on which the Internet is configured, a corporate network accountant.
2. Objective: to provide storage and analysis of Internet traffic by users. Blocking by white/black lists.
3. Have a Powerful PC with Windows Server 2012 R2. The domain controller (further CD) is configured.

Questions:
1. How to implement the functions of "transferring the Internet provisioning function from the router" to perform 2.p.? It means where to connect patch cords from CD network cards? (I assume, but doubt my understanding)
3. And how did you implement 2p., based on the above conditions for performing 2p.?
I admit, the questions are stupid, but I hope you clarify. Thank you for your attention.

Reply

Answer the question

In order to leave comments, you need to log in

2 answer(s)

T

Talyan, 2020-06-19
@flapflapjack

You need a switch with netflow support. Almost all managed switches can do this now.
On the server, you raise flowtools or something like that (I don’t know under Windows). Set up netflow on the switch, and send information about traffic from the desired switch port to the netflow server. Read about netflow on Google. You will see statistics on any traffic - tcp, udp.
If you only need http logs, then just install squid and configure logs in it.

C

CityCat4, 2020-06-19
@CityCat4

Depends on how deep the analysis is needed. In the simplest case, it is enough to write netflow (I once used trafd for this), but of course there are no black and white lists there.
In a more difficult case, install squid, though you need to remember that the current one will turn almost all of it to https, so bumping will simply be an urgent need.
You don’t need to poke anything anywhere, everything is done at a logical level.