Wireless DMZ (Full Version)

rabjac -> Wireless DMZ (19.Jan.2007 2:55:08 AM)

I've finally got my home ISA wireless DMZ operational (yipppeeeee!!). What I've got is a very relaxed Internet connection (can access all sites from the wireless DMZ). Files can be stored / printed etc. from my DC using a VPN connection from the wireless DMZ.

What I want to be able to do is block sites that my kids can get to when using the Internet connection. Is this possible with the set-up I've got? (I have been following Tom's book for a wireless DMZ set-up.) I have a mixture of wireless XP laptops (Home and Pro versions).




elmajdal -> RE: Wireless DMZ (19.Jan.2007 4:34:15 AM)

Sure,

Check this: Using ISA 2004 Firewall Domain Name Sets to Control Internet Access

Start populating the domain name set with the sites you need to block. Also block this 3rd Party Proxy Sites list (7KB / 662 Domains & URLs) so that your kids do not bypass your blocked sites using anonymous proxies.

The whole list is here: http://isaserver.bm/destination_sets.html




rabjac -> RE: Wireless DMZ (19.Jan.2007 7:59:40 AM)

Hi elmajdal,

Thanks for the reply. I've had a quick scan through Tom's article. In general terms the article is based on user/group authentication (unless I've got my Friday afternoon hat on and reading it incorrectly!).

At this moment, I've only got anonymous Internet access (no authentication) from the wireless DMZ. Does this mean that I need to somehow make the users from the wireless DMZ trusted? If so how do I go about doing this?




Boedus -> RE: Wireless DMZ (19.Jan.2007 10:08:26 AM)

If your kids are using a different PC than you, you could import those ruleset DBs for the kids' PC only.
Or you could set up an HTTP access rule with about 20-30 websites only for the specific kids' PC.

Isaserver.bm is a pretty nice initiative, but there are over 80 million porn websites, so the list is far from finished :-) But it is free and provides an extra filtering layer to ISA, so it is not bad at all.




mrupright -> RE: Wireless DMZ (19.Jan.2007 10:27:55 AM)

Hi rabjac,

If you have an extra PC lying around, you might also want to check out www.censornet.com. It is the best open-source content filter available and isn't very difficult to set up.

HTH

Mark




Guest -> RE: Wireless DMZ (19.Jan.2007 11:00:34 AM)

Hi Robert,
You are reading correctly.
From what I see, you need to have authenticated access in order to make a distinction between users. For example, you might like to access some sites that your kids should not.
With your current setup you can't do that.
There might be a tweak. The only problem: it has some security issues. But with the use you are giving to your network this might not be a problem.
To get that tweak working, first you need to enable the web proxy on that DMZ network, because you must have a mechanism to authenticate users. This is the simplest one. Without such a mechanism it is impossible to differentiate between users.
Then just put the IP address of ISA's DMZ interface and port 8080 (default) in their browsers.
The tweak is to create some local accounts on ISA which will match the user names and passwords that your kids are using.
This way you don't need the computers on the DMZ to be domain members to authenticate.
After that you can play with the domain name sets suggested by Tarek and add your name to the exception list.
By the way: I recommend you use encryption on your wireless network.
Have fun!




elmajdal -> RE: Wireless DMZ (19.Jan.2007 12:43:04 PM)

quote:

Hi elmajdal,

Thanks for the reply. I've had a quick scan through Tom's article. In general terms the article is based on user/group authentication (unless I've got my Friday afternoon hat on and reading it incorrectly!).

At this moment, I've only got anonymous Internet access (no authentication) from the wireless DMZ. Does this mean that I need to somehow make the users from the wireless DMZ trusted? If so how do I go about doing this?


It's up to you, either you need or don't need authentication.

If you don't need it, just create your rule with the condition: ALL USERS (= anonymous)

[image]http://www.isaserver.org/img/upl/Image27031094729963156.gif[/image]

You might be interested in this article: Configuring an Untrusted Wireless DMZ on the ISA Firewall


On the other hand, if you do need authentication, then follow Adrian's steps.



