Navigation

    Netgate Discussion Forum
    • Register
    • Login
    • Search
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search

    Replacing ISA Server

    Off-Topic & Non-Support Discussion
    3
    6
    468
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • V
      verdura last edited by

      Hi all,

      We are a vocational training center who uses ISA to have internet on all our students. But now we need to get a substitute and pfsense is in our radar but I have some doubts as we can use many differents aspects from pfsense.

      Our requirements:

      *- Control internet as per user (student)
      *- Using passwords from Active Directory
      *- Make authentication without any adicional pop-up to enter password (preferably!)

      Brief "technologies" in place:

      *- AD
      *- Microsoft Network Policy Server
      *- Certification Authority

      So, what's your advice? Do you know any tutorial to help?

      Thanks in advance!

      1 Reply Last reply Reply Quote 0
      • KOM
        KOM last edited by

        This isn't a support forum.  Try General Questions in the pfSense English Support section.

        1 Reply Last reply Reply Quote 0
        • johnpoz
          johnpoz LAYER 8 Global Moderator last edited by

          "*- Control internet as per user (student)"

          Why?  The only reason to do this is because student A has different access than B..  Or you need to track how what A is doing vs B..

          Why would students need different access.  In a corp you can say that Engineer has more access than plant floor working, or hourly worker vs salary… Having a hard time understand this "need"

          Vs looking at what your doing now with your what 17-18 year old ISA??  Are you running 2000, 2003,2004, 2006 or TMG?

          What exactly are you trying accomplish.. Why do you have to play internet NAZI?  You do understand users are more than likely just going to surf whatever they want on their phones, etc.

          I can see blocking bad shit, trying to be the good guy and protecting users from them selves, p0rn from an HR view, etc.  Limiting bandwidth, so one user doesn't suck up everything streaming a movie..

          But why do you need to auth a specific user and track specific user.  Why do these students even need internet while they are suppose to be working on whatever vocation your teaching?

          I have worked in content filtering for years and years - way before everyone had a cell phone they could just do whatever they wanted to while at their desk, etc.  The best way to do it was 1 policy..  Everyone blocked!! Or everyone allowed.  Non work related stuff like streaming sports - each ip gets a quota of time, etc.

          An intelligent man is sometimes forced to be drunk to spend time with his fools
          If you get confused: Listen to the Music Play
          Please don't Chat/PM me for help, unless mod related
          2440 2.4.5p1 | 2x 3100 2.4.4p3 | 2x 3100 22.01 | 4860 22.05

          1 Reply Last reply Reply Quote 0
          • V
            verdura last edited by

            Hi  johnpoz,

            Thanks for the input.
            We are running TMG.
            Me needs are my needs… I'm just asking if I can accomplish that with pfsense.

            1 Reply Last reply Reply Quote 0
            • johnpoz
              johnpoz LAYER 8 Global Moderator last edited by

              Yes you can filter with squid on user, and report on user.. Yes squid can auth this user from AD.

              An intelligent man is sometimes forced to be drunk to spend time with his fools
              If you get confused: Listen to the Music Play
              Please don't Chat/PM me for help, unless mod related
              2440 2.4.5p1 | 2x 3100 2.4.4p3 | 2x 3100 22.01 | 4860 22.05

              1 Reply Last reply Reply Quote 0
              • KOM
                KOM last edited by

                He already reposted his question in General Questions yesterday.

                1 Reply Last reply Reply Quote 0
                • First post
                  Last post