  1. #1


    Schoolguardian and vlans

    We're currently setting up our network with wireless access points with multi-SSID to enable guest internet access. So far so good - we have the APs working across the switches etc.
    Now we need to configure SchoolGuardian so that secured traffic (domain) goes through NTLM authentication and the unsecured VLAN traffic goes through transparent - how do we go about this?
    Would we need more than 2 NICs?

    Cheers

  2. #2


    tom_newton

    That's a tough one.

    SchoolGuardian hasn't got VLAN support due to the way it was built. The next ISO of it is likely to have this. If you need VLAN support, ask your salesperson to swap it out for our commercial firewall product which does.

    I'd suggest using a second, unauthenticated filter port. This will mean you have to let "unauthenticated IPs" access all the sites that you want the unsecured LAN to access, but this should not be a big issue. If you want to do transparent filtering though, it could give people on the secure LAN a way to access the sites those on the insecure LAN can access, but without logging a username, which may cause you issues?
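
The caveat in the post above (secure-LAN clients using the unauthenticated filter port, so no username is logged) can be checked for in proxy logs. This is an added example, not code from the thread or from Smoothwall; the log layout, subnets and port numbers are constructed assumptions.

```python
import ipaddress

# Assumptions (not from the thread): addressing plan and listener ports.
SECURE_LAN = ipaddress.ip_network("10.0.0.0/22")       # domain clients, NTLM port
GUEST_VLAN = ipaddress.ip_network("192.168.50.0/24")   # guest SSID, transparent port
UNAUTH_PORT = 801                                      # hypothetical unauthenticated listener

# Constructed sample lines in a hypothetical layout:
# timestamp client_ip listener_port username method url
SAMPLE_LOG = """\
2010-07-15T09:01:12 10.0.1.23 800 jsmith GET http://example.org/
2010-07-15T09:01:40 192.168.50.17 801 - GET http://example.com/
2010-07-15T09:02:05 10.0.2.9 801 - GET http://example.net/video
2010-07-15T09:02:31 10.0.2.9 801 - GET http://example.net/video2
2010-07-15T09:03:00 172.16.4.4 801 - GET http://example.org/
malformed line
"""

def classify(ip):
    """Map a client address to the zone it belongs to."""
    addr = ipaddress.ip_address(ip)
    if addr in SECURE_LAN:
        return "secure"
    if addr in GUEST_VLAN:
        return "guest"
    return "unknown"

def find_bypass(log_text):
    """Return (hits, skipped): non-guest clients seen on the unauthenticated
    port with no username, and the number of unparseable lines."""
    hits, skipped = {}, 0
    for line in log_text.splitlines():
        parts = line.split()
        try:
            _ts, ip, port, user, _method, _url = parts
            zone, port = classify(ip), int(port)
        except ValueError:          # wrong field count, bad IP or bad port
            skipped += 1
            continue
        if port == UNAUTH_PORT and user == "-" and zone != "guest":
            hits.setdefault(ip, {"zone": zone, "count": 0})["count"] += 1
    return hits, skipped

if __name__ == "__main__":
    found, bad = find_bypass(SAMPLE_LOG)
    for ip, info in found.items():
        print(f"{ip} ({info['zone']}): {info['count']} unauthenticated requests")
    print(f"skipped {bad} unparseable line(s)")
```
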

  3. #3

    Hrrm, that's torn it. I was under the impression that it would, especially in relation to this post, Smoothwall Updates, as it's a similar issue. Back to the drawing board then? Or any more suggestions?
    Thinking out loud, maybe redirect somehow to second port authentication settings?

  4. #4


    tom_newton

    It will, you'll just need to shift the platform, which is a bit of a pain in the backside.

  5. #5
    DMcCoy

    It may not support the authentication combination you want (yet), but it does support using tagged VLANs; however, I already have 2 NICs so don't know if it would work with only one. I am using a couple of VLANs, as I need 4 interfaces.

  6. #6

    Basically my idea was:
    add a VLAN to the "internal" NIC,
    then add transparent to the proxy, then enable the proxy on the VLAN and the "internal" NIC,
    then add DHCP for the VLAN.

    So basically anyone using the guest access on the APs would go through the firewall, wouldn't need authenticating, and the proxy would act transparent
    (filtering isn't a huge issue on guests - as long as we can monitor and restrict bandwidth and ports (torrents etc.)).

    Plan B will maybe involve an Express box / m0n0wall - push comes to shove - just wanted less devices in the cab / configure.

  7. #7


    tom_newton

    Feel free to use your SG licence for the second box as well. As long as your Guardian licence covers all the endpoints in the school, we don't particularly mind how you do it.

  8. Thanks to tom_newton from:

    caffrey (15th July 2010)

  9. #8

    That's even better! Thanks.

  10. #9
    jpaterson

    Does this extension of SG license to another box cover Advanced Firewall as well?

    By endpoints, does that refer to the number of concurrent SG licenses in the box?

  11. #10

    john

    By endpoints Tom will mean if you licence for 300 PCs, then between your two (or more) installs you do not exceed 300 PCs in total.

  12. #11
    jpaterson

    Originally posted by jpaterson:
    Does this extension of SG license to another box cover Advanced Firewall as well?
    Is Advanced Firewall covered as well?

  13. #12


    tom_newton

    Should be OK, yes.

  14. #13
    jpaterson

    Sorry, my interpretation of this seems too good to be true. So, just to check...would we have to get another license to install advanced firewall, and our existing or additional SG endpoint licenses could be on the new box. Sorry if I'm being a dumba$$ asking this, but I don't wanna be breaking any laws.

  15. #14


    tom_newton

    Originally posted by jpaterson:
    Sorry, my interpretation of this seems too good to be true. So, just to check...would we have to get another license to install advanced firewall, and our existing or additional SG endpoint licenses could be on the new box. Sorry if I'm being a dumba$$ asking this, but I don't wanna be breaking any laws.
    Give me a call after BETT and we'll sort it out (or come to the stand if you're at BETT), but if I'm thinking right you aren't going to have to dig too deep to do what you want.

  16. #15
    jpaterson

    You're a gem, Tom. I hope that they are paying you enough over at SmoothWall ;-)

    Hope BETT goes well and not too stressful for y'all. I think I've got your details in my inbox, so I'll give you a call early afternoon Monday.
    Last edited by jpaterson; 11th January 2011 at 10:24 PM. Reason: typo
