+ Post New Thread
Results 1 to 3 of 3
Internet Related/Filtering/Firewall Thread, directed to block all video - limited tools in Technical; Hey again, I'm being directed to block all types of video to our remote schools, and have limited tools to ...
  1. #1

    Join Date
    Jun 2008
    Thank Post
    Thanked 3 Times in 3 Posts
    Rep Power

    Question directed to block all video - limited tools

    Hey again,

    I'm being directed to block all types of video to our remote schools, and have limited tools to do this with. Here's what I'm playing with:

    In the elementary schools (we have 3), I have core Cisco switches and a Cisco router. Internet traffic then goes over lines to our main site, (in through our Cisco router), and is in turn sent back out to the internet, through our Fortigate web filter. Elementary schools are currently connected to the main site via two T1 lines (3 Mb total) and an additional T1 that's reserved for voice traffic. Our main site has a sufficient connection to the web that we're not concerned with rate limiting yet.

    The goal is to limited bandwidth used by the remote schools, while allowing access to certain critical software (student information system, food services, library automation, etc), and provide web access, but nothing bandwidth-intensive.

    Short of blacklisting video streaming sites, what's the most effective way to do this? Block port #'s that carry streaming video? Use rate limiting (?) on the Cisco equipment to restrict how much bandwidth a specific port can use?

    Is QOS an option in the Cisco equipment to prioritize certain traffic? If so, are there resources I can research on how to set this up and verify that it's working?

    Our web filter, the Fortigate, claims to be able to be able to reserve bandwidth for certain connections but doesn't appear to have worked in the past.

    I'm relatively weak in the switch / router configuration department, so there may be more out there that I'm unaware of.

    Hopefully that is a start...any ideas?

  2. #2

    powdarrmonkey's Avatar
    Join Date
    Feb 2008
    Alcester, Warwickshire
    Thank Post
    Thanked 777 Times in 650 Posts
    Rep Power
    If you block out ports for video streaming sites you'll just see a surge in flash videos, which come down through HTTP so you can't break them at router level (router is layer three, flash works at the application layer, seven). You need to concentrate on some kind of filtering, either what you've got already or some alternative.

    My solution here is Smoothwall, which is available free with limited features, because it Just Works (tm). But there are plenty of other filters in use in schools, or you could even be as drastic as forging DNS records for popular sites so they can't be resolved (which is what I used to do).

  3. #3

    Join Date
    Aug 2005
    Thank Post
    Thanked 529 Times in 452 Posts
    Blog Entries
    Rep Power
    Don't know the fortigate product at all, but a bit of googling suggests that its web filter can import squidguard blacklists. If this is true, then look at SquidGuard for some sets of blackists; there's one called "audio video" which is basically a list of popular web sites providing video. If you blocked all of those then it would be a start!

    In ISA server and Squid there's a facility to say "for Mime type XXXX allow YYY% of bandwidth" - this makes it easy to say that audio/video is seriously throttled on every web site but everything else goes through OK. Can you have a look for something similar in fortigate???

+ Post New Thread

Similar Threads

  1. Limited or no connectivity.
    By boomam in forum Windows
    Replies: 39
    Last Post: 6th March 2008, 12:23 PM
  2. [CLOSED] Improvement: Limited to 4 images in msg
    By SimpleSi in forum EduGeek.net Site Problems
    Replies: 4
    Last Post: 31st January 2008, 07:45 PM
  3. Limited accounts - XP
    By benannett in forum Windows
    Replies: 4
    Last Post: 11th March 2007, 05:15 PM
  4. Maxi Million Limited
    By wesleyw in forum Recommended Suppliers
    Replies: 2
    Last Post: 19th June 2006, 07:55 PM
  5. Re-directed folder oddity
    By mark in forum Windows
    Replies: 3
    Last Post: 21st April 2006, 08:22 AM

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Tags for this Thread

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts