Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Feasibility of pfSense + Squid + SquidGuard

    Scheduled Pinned Locked Moved
    Problems Installing or Upgrading pfSense Software
    1
    1
    662
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • G
      golmaal
      last edited by

      Hi,

      First time poster here with no prior experience in pfSense and Linux.

      We are planning to deploy pfSense on a network with around 75 people, single server environment with Windows 2008 R2 as PDC. Currently we are using WatchGuard but not satisfied with it at all.

      We have a spare Core i3 computer with 120 GB HDD and 4 GB RAM; can upgrade the RAM and HDD if required.

      We are planning for a non-transparent proxy which will be configured via DHCP (on Win2k8 server mentioned above).

      Is the following setup feasible:

      1. Authentication using LDAP
      We have three primary OU in our AD (1 for owners, 1 for managers, 1 for junior staff). Can the users be automatically authenticated by pulling AD data from server? I read that it is possible, but what happens when a new user is added to any of the OU? Will it require re-sync or the data is pulled automatically?

      2. Category based filtering using SquidGuard
      Though not absolutely necessary, we would like to provide filtering based on OU e.g. users in "Owners" OU will get full access, users in "Managers" OU can get less restricted access and users in "Junior" OU get more restricted access.

      3. Bandwidth throttling based on OU
      Similar to above, we would like to provision varying level of bandwidth for different OU.

      4. Access to smartphone via wifi without any authentication
      Owners would like their smartphones to connect to wifi via a WAP and get unrestricted access. Is there a way to bypass certain MAC addresses so that they get full access without any authentication?

      If OU based authentication is not feasible, we can even go for something based on IP. For example, we can change our DHCP scope so that owners' and managers' systems get a specific range of IP based on their MAC addresses and other users get dynamic IP from a specific range i.e. we can reserve:

      192.168.1.100 to 192.168.1.200 for junior staff
      192.168.1.220 to 192.168.1.240 for manager
      192.168.1.245 to 192.168.1.254 for owners

      Keen to know your thoughts…are we targeting something that is not possible?

      Thanks

      1 Reply Last reply Reply Quote 0
      • First post
        Last post