I've been asked to setup access control/filtering on a network that has it's own address block (a /24). This is for students who will be connecting to the wireless network. Requirements are as follows.
- Website/category filtering (stop people going on dodgy stuff)
- Outbound port blocking
- Transparent (no need to change router/subnets/etc)
- Captive portal (ideally hooked into AD)
- Logging (at least 1 month).
- Traffic shaping (not essential, but nice)
The client the system to be set up so that if they recieve a complaint that someone has been accessing illegal materiel from the network, they can take an IP address and a date (for at least a month ago) and work out who it was. If this can be done from a nice web interface, even better.
We've looked at Untangle, which seemed to be the best bet, but after talking to their support, seemed to be lacking. It would be good if the system rememebered MAC addresses that people logged in from, so they wouldn't have to keep logging in, but Untangle doesn't seem to support this. They also said that the Captive Portal logs weren't kept very long (couldn't be exact), and that they would be lost when restarting the device. The suggested solution was to copy them off with SSH, and read the logs by hand. Not ideal.
Does anyone know a solution. Untangle sounds like it would be very hard to actually track down someone who was doing stuff on it more than a few days ago – which isn't really acceptable. Surely someone else has done something like this?
Best Answer
You could try a content filter from Smoothwall - sounds like it does everything you need tbh - content filtering, AD integration with web portal login, firewall for port blocking... Certainly worth talking over your requirements with them, it is a commercial product, probably a bit more expensive than untangle, but the support is on a professional footing. [Bias warning: I work for Smoothwall]