block clients from entering internet but with easy way to unblock
-
Hi
we need to setup squid ( or any other solution) to filter web traffic (http and https) from lan clients .
BUT , we would like to have an easy way to permit for a local pc admin to get access to web navigation , simply by tipying a login username / pwd .
Is there any way to setup such a system , using squid or using other pfsense pkg/configurations ?
All the machines are in a domain , all the local users are limited users .
The admin should be able to grant access temporarily to a local , limited user , by typyng the login info or something like that , but he should not need to access pfsense configuration to enable or disable rules .
Maybe a captive portal should be used ?thanks
-
@pcprice said in block clients from entering internet but with easy way to unblock:
The admin should be able to grant access temporarily to a local , limited user , by typyng the login info or something like that
That's exactly what the Captive Portal does, you could even use the Voucher feature. That let's you setup and hand out "authenticated" time-limited access.
https://www.netgate.com/docs/pfsense/captiveportal/captive-portal.html
https://www.netgate.com/docs/pfsense/captiveportal/captive-portal-vouchers.html
There will, however, be some admin level management work, either on the pfsense machine itself, or on your RADIUS server. You still have to manage all of these users somehow.
Jeff
-
Hi Captive Portal is an option.
Check oficial docs about:
https://www.netgate.com/docs/pfsense/captiveportal/captive-portal.html