14th July 2010, 01:14 PM #1
Schoolguardian and vlans
We're currently setting up our network with wireless access points with multi-SSID to enable guest internet access, so far so good - we have the APs working across the switches etc.
Now we need to configure SchoolGuardian so that secured traffic (domain) goes through NTLM authentication and the unsecured VLAN traffic goes through transparent - how do we go about this?
Would we need more than 2 NICs?
14th July 2010, 01:21 PM #2
That's a tough one.
SchoolGuardian hasn't got VLAN support due to the way it was built. The next ISO of it is likely to have this. If you need VLAN support, ask your salesperson to swap it out for our commercial firewall product which does.
I'd suggest using a second, unauthenticated filter port. This will mean you have to let "unauthenticated IPs" access all the sites that you want the unsecured lan to access, but this should not be a big issue. If you want to do transparent filtering though, it could give people on the secure LAN a way to access the sites those on the insecure LAN can access, but without logging a username, which may cause you issues?
14th July 2010, 02:53 PM #3
Hrrm, that's torn it. I was under the impression that it would, especially in relation to this post, Smoothwall Updates, as it's a similar issue. Back to the drawing board then? Or any more suggestions?
Thinking out loud, maybe redirect somehow to second port authentication settings?
15th July 2010, 07:45 AM #4
It will, you'll just need to shift the platform, which is a bit of a pain in the backside.
15th July 2010, 08:20 AM #5
It may not support the authentication combination you want (yet), but it does support using tagged vlans, however I already have 2 NICs so don't know if it would work with only one. I am using a couple of vlans, as I need 4 interfaces.
15th July 2010, 09:28 AM #6
Basically my idea was:
add VLAN to the "internal" NIC
then add transparent to the proxy, then enable the proxy on the VLAN and the "internal" NIC
then add DHCP for the VLAN
So basically anyone using the guest access on the APs would go through the firewall, wouldn't need authenticating, and the proxy would act transparent
(filtering isn't a huge issue on guests - as long as we can monitor and restrict bandwidth and ports (torrents etc))
Plan B will maybe involve an express box / m0n0wall - push comes to shove - just wanted less devices in the cab / configure
15th July 2010, 12:50 PM #7
Feel free to use your SG licence for the second box as well. As long as your Guardian licence covers all the endpoints in the school, we don't particularly mind how you do it.
15th July 2010, 01:02 PM #8
That's even better! Thanks
8th January 2011, 12:29 PM #9
Does this extension of SG license to another box cover Advanced Firewall as well?
By endpoints, does that refer to the number of concurrent SG licenses in the box?
8th January 2011, 03:09 PM #10
By endpoints Tom will mean if you licence for 300 PCs, then between your two (or more) installs you do not exceed 300 PCs in total.
11th January 2011, 03:25 PM #11
Is Advanced Firewall covered as well?
11th January 2011, 04:45 PM #12
11th January 2011, 06:02 PM #13
Sorry, my interpretation of this seems too good to be true. So, just to check... would we have to get another license to install Advanced Firewall, and our existing or additional SG endpoint licenses could be on the new box? Sorry if I'm being a dumba$$ asking this, but I don't wanna be breaking any laws.
11th January 2011, 06:58 PM #14
Give me a call after BETT and we'll sort it out (or come to the stand if you're at BETT), but if I'm thinking right you aren't going to have to dig too deep to do what you want.
11th January 2011, 10:24 PM #15
You're a gem, Tom. I hope that they are paying you enough over at SmoothWall ;-)
Hope BETT goes well and not too stressful for y'all. I think I've got your details in my inbox, so I'll give you a call early afternoon Monday.
Last edited by jpaterson; 11th January 2011 at 10:24 PM.