Replacing ISA Server

verdura

Hi all,

We are a vocational training center who uses ISA to have internet on all our students. But now we need to get a substitute and pfsense is in our radar but I have some doubts as we can use many differents aspects from pfsense.

Our requirements:

*- Control internet as per user (student)
*- Using passwords from Active Directory
*- Make authentication without any adicional pop-up to enter password (preferably!)

Brief "technologies" in place:

*- AD
*- Microsoft Network Policy Server
*- Certification Authority

So, what's your advice? Do you know any tutorial to help?

Thanks in advance!

KOM

This isn't a support forum.  Try General Questions in the pfSense English Support section.

johnpoz

"*- Control internet as per user (student)"

Why?  The only reason to do this is because student A has different access than B..  Or you need to track how what A is doing vs B..

Why would students need different access.  In a corp you can say that Engineer has more access than plant floor working, or hourly worker vs salary… Having a hard time understand this "need"

Vs looking at what your doing now with your what 17-18 year old ISA??  Are you running 2000, 2003,2004, 2006 or TMG?

What exactly are you trying accomplish.. Why do you have to play internet NAZI?  You do understand users are more than likely just going to surf whatever they want on their phones, etc.

I can see blocking bad shit, trying to be the good guy and protecting users from them selves, p0rn from an HR view, etc.  Limiting bandwidth, so one user doesn't suck up everything streaming a movie..

But why do you need to auth a specific user and track specific user.  Why do these students even need internet while they are suppose to be working on whatever vocation your teaching?

I have worked in content filtering for years and years - way before everyone had a cell phone they could just do whatever they wanted to while at their desk, etc.  The best way to do it was 1 policy..  Everyone blocked!! Or everyone allowed.  Non work related stuff like streaming sports - each ip gets a quota of time, etc.

verdura

Hi  johnpoz,

Thanks for the input.
We are running TMG.
Me needs are my needs… I'm just asking if I can accomplish that with pfsense.

johnpoz

Yes you can filter with squid on user, and report on user.. Yes squid can auth this user from AD.

KOM

He already reposted his question in General Questions yesterday.