I'm a representative of a small municipality which uses WatchGuard systems for our online security. Due to the size of the municipality, there's not enough funding available to have a full (or even part time) IT department employee, thus I do my best to fill the role. However there's no mistake, I don't have skill set required to fully operate the role. It's for this reason that I'm reaching out for assistance.
At this point there are several employees who abuse our lack of technological grasp, and spend the day siphoning bandwidth through use of youtube, and time-theft through use of online stock trading programs.
Although my employer is not opposed to the use of business resources for personal needs after hours, during office hours this cannot be a factor. I'm looking to accomplish two goals:
1) Disable use of certain applications on our network during work hours (or altogether if that's easier)
2) Block basic sites during all times; to ensure protection (sites such as youtube/netflix as they're not required, as well as pornography sites and other potentially harmful sites).
Our ISP provides a modem > which is linked to a T30 firebox > which is then split (2x 16 port splitter boxes) into every computer
Star-system; Our server computer is supplied internet after the split from T30, and holds the WatchGuard software.
Every computer receives internet through the splitter boxes after T30.
What I'm looking for:
I'm looking for a way to be able to identify and disable downloaded applications' access to internet if the application is not required for work. I have identified the application name, and could theoretically replace the host file to block the IP that application uses. This is not a sustainable option as the employee could remove the host file themselves, and the application gets information from a set of servers so blocking several IPs may be rendered useless. I'm looking to either create a firewall rule on the server somehow that blocks that application from every computer on the network, or use WatchGuard to create a same/similar rule.
Also, secondarily I'm looking to block netflix/youtube from most (but not all if possible) users/computers, especially during work hours.
Any assistance would be greatly appreciated.