Question to Russian-speaking pfsense developers
-
Done!
-
Just a comment for your consideration.
Usually paid support from pfsense.org can come to you more efficiently and quicker, with a better solution than anything you will find.
The English side can be amortized to a certain degree, but the quality of the delivery would be higher, especially since it might have already been developed :)
-
The author has a problem with a detailed description of the question in English. In my opinion, it is easier to begin by describing the problem without details. That way it will be easier to understand.
-
I do not need paid support; I need development of a lot of special features.
-
I do not need paid support; I need development of a lot of special features.
Ermal was referring to our commercial development services. Depending on what captive portal customizations you're looking for, there is a good chance we already have them done in private and could provide them to you at a significantly lesser cost than someone starting from scratch. We would have to work together in English though, we don't have anyone who speaks Russian. Feel free to email me (cmb at pfsense dot org) if you would like to discuss.
-
OK, I will send the e-mail and post it here.
A little about the topology of our network (see the picture):
1. We have a large-scale branch network with a territorial principle of division.
2. All branches (B) connect to the Main Office (MO) over an IP tunnel, and all traffic is sent from the branch to the MO.
3. All branches are in Windows AD.
4. Each MO has an AAA server that provides Internet access to users based on AD authentication.

We need:
1. Authorization based on Windows AD.
2. For user authorization, use a Captive Portal web form.
3. Traffic statistics with division into groups based on a branch subnet.
4. Traffic statistics with division by users inside a group.
5. Different firewall rulesets for different domain groups.
6. Web interface with division based on branches.
7. Web interface with division by users inside branches.
8. Web interface for management of firewall rules, groups of users, creation of new branches, etc.
9. Different access levels to observe traffic statistics (i.e. the manager of a branch can see statistics only for their own branch).
10. Global statistics for Administrators.
11. For some devices (IPs) in a branch, provide an Internet connection without authorization, with the possibility to group these addresses.

A lot of these features are realized in Kerio Control, but we cannot use it because it is a proprietary product without the possibility to change anything.
-
That wasn't quite what I was expecting in captive portal customizations, you're looking at a different scenario than what we have done in private labeled builds to this point. Most of that is doable out of the box already with no custom development. The ones that aren't are #5 and #9, both of which are very involved projects. #9 you won't find on any firewall and is better suited for a server application, some commercial ISP-grade traffic reporting solutions do provide that but they're expensive (tens of thousands USD).
Maybe something dvserg can take on for you.
-
@cmb:
That wasn't quite what I was expecting in captive portal customizations, you're looking at a different scenario than what we have done in private labeled builds to this point. Most of that is doable out of the box already with no custom development. The ones that aren't are #5 and #9, both of which are very involved projects. #9 you won't find on any firewall and is better suited for a server application, some commercial ISP-grade traffic reporting solutions do provide that but they're expensive (tens of thousands USD).
Maybe something dvserg can take on for you.
Thanks. OK, #5 is not necessary. But why is #9 so difficult?
By #9 I mean that the manager of a branch, when logged in to the web statistics page, can see statistics for their own subnetwork only. As far as I know, it's very simple to realize with a PHP script. (Manager logins can be in a local db.)
If we exclude #5 and #9 (if it's really difficult), how difficult is it to develop the other features?
-
If you push it out to the branch level, that's easier, your description made it sound like you wanted to recreate Plixer's Scrutinizer product from scratch or something similar.
If you exclude #5 and 9, then everything you're looking for is already doable, no development needed.
-
@cmb:
If you push it out to the branch level, that's easier, your description made it sound like you wanted to recreate Plixer's Scrutinizer product from scratch or something similar.
But in this situation I can't see traffic statistics per user in a branch? It's not usable for me :(
I think in my case a netflow collector is needed (on the LAN interface before NAT), and I need to combine the login+logout time for a user with timestamp+IP+data block size in the netflow log.
AFAIK, it is possible to do with standard FreeBSD tools + some corrections in web scripts. Isn't it?
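The correlation described in the last post (captive portal login/logout times joined with timestamp + IP + byte count from flow records taken before NAT), as an added example that is not part of the thread and not pfSense code. The record layouts, function names, branch subnets and sample data are constructed assumptions; the per-branch filter corresponds to requirement #9.

```python
import ipaddress
from collections import defaultdict
from datetime import datetime
# Constructed sample data; layouts are assumptions, not a pfSense or NetFlow export format.
BRANCHES = {"branch-a": "10.1.0.0/24", "branch-b": "10.2.0.0/24"}
# Captive portal sessions: (user, client IP, login, logout or None if still active)
SESSIONS = [
    ("ivanov", "10.1.0.15", "2013-05-01 09:00:00", "2013-05-01 12:00:00"),
    ("petrov", "10.1.0.15", "2013-05-01 13:00:00", None),  # same IP reused later
    ("sidorov", "10.2.0.7", "2013-05-01 09:30:00", "2013-05-01 10:00:00"),
]
# Flow records collected on the LAN side, before NAT: (flow start, client IP, bytes)
FLOWS = [
    ("2013-05-01 09:10:00", "10.1.0.15", 1500),
    ("2013-05-01 11:59:59", "10.1.0.15", 500),
    ("2013-05-01 12:30:00", "10.1.0.15", 999),   # no session covers this instant
    ("2013-05-01 13:05:00", "10.1.0.15", 4000),
    ("2013-05-01 09:45:00", "10.2.0.7", 700),
    ("2013-05-01 10:00:00", "10.2.0.7", 50),     # exactly at logout: not the user's
]

def ts(s):
    return datetime.strptime(s, "%Y-%m-%d %H:%M:%S")

def branch_of(ip):
    addr = ipaddress.ip_address(ip)
    for name, net in BRANCHES.items():
        if addr in ipaddress.ip_network(net):
            return name
    return "unknown"

def user_at(ip, when, sessions=SESSIONS):
    """User whose session on this IP covers `when`, half-open [login, logout)."""
    for user, sip, login, logout in sessions:
        if sip == ip and ts(login) <= when and (logout is None or when < ts(logout)):
            return user
    return None

def per_user_bytes(flows=FLOWS, sessions=SESSIONS):
    """{branch: {user: bytes}}, attributing each flow by its start time."""
    totals = defaultdict(lambda: defaultdict(int))
    for start, ip, nbytes in flows:
        user = user_at(ip, ts(start), sessions) or "(unauthenticated)"
        totals[branch_of(ip)][user] += nbytes
    return {b: dict(u) for b, u in totals.items()}

def manager_view(branch, totals):
    """Requirement #9: a branch manager gets only the rows of their own branch."""
    return {branch: totals.get(branch, {})}
```

Keying on IP alone is only safe because the time window is checked as well: the same address belongs to two different users in the sample, and traffic outside any session is kept visible as unauthenticated rather than silently credited to the last user.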