Permit only domain computers to access internet

  • Hi,

    I'm testing some firewall solutions for our small-sized company. I have not installed pfSense yet, but I need to know if it can block computers that are not members of my Active Directory domain to access the Internet.


  • I am guessing this isn't going to happen.  It would require, at a minimum, OpenLDAP and a ton of configuration.

    Better question: Why do you need to lock non-domain computers from internet access?  How are they getting on your network in the first place?

  • Why not use Squid and have it setup to authenticate against your domain and use a GPO to predefine the Proxy settings? Would that work?

  • if your switches support, you can use 802.1x authentication through MS IAS on the domain controller to block network access (not just the Internet, but the LAN access as well).

Log in to reply