DNS Blocking
Good evening,
I'm a representative of a small municipality which uses WatchGuard systems for our online security. Due to the size of the municipality, there's not enough funding available to have a full (or even part time) IT department employee, thus I do my best to fill the role. However there's no mistake, I don't have skill set required to fully operate the role. It's for this reason that I'm reaching out for assistance.
The problem:
At this point there are several employees who abuse our lack of technological grasp, and spend the day siphoning bandwidth through use of youtube, and time-theft through use of online stock trading programs.
Although my employer is not opposed to the use of business resources for personal needs after hours, during office hours this cannot be a factor. I'm looking to accomplish two goals:
1) Disable use of certain applications on our network during work hours (or altogether if that's easier)
2) Block basic sites during all times; to ensure protection (sites such as youtube/netflix as they're not required, as well as pornography sites and other potentially harmful sites).
Our setup:
Internet:
Our ISP provides a modem > which is linked to a T30 firebox > which is then split (2x 16 port splitter boxes) into every computer
Network:
Star-system; Our server computer is supplied internet after the split from T30, and holds the WatchGuard software.
Every computer receives internet through the splitter boxes after T30.
What I'm looking for:
I'm looking for a way to be able to identify and disable downloaded applications' access to internet if the application is not required for work. I have identified the application name, and could theoretically replace the host file to block the IP that application uses. This is not a sustainable option as the employee could remove the host file themselves, and the application gets information from a set of servers so blocking several IPs may be rendered useless. I'm looking to either create a firewall rule on the server somehow that blocks that application from every computer on the network, or use WatchGuard to create a same/similar rule.
Also, secondarily I'm looking to block netflix/youtube from most (but not all if possible) users/computers, especially during work hours.
Any assistance would be greatly appreciated.
Comments
If you have the Application Control license, then you can use that to disable access to selected applications.
You can use a DNS proxy to block name resolution for selected domains on the Query Names tab of the proxy.
You can set up Schedules on a policy, to block selected access during working hours.
Generally you would need two policies - 1 for restricted hours, one for unrestricted hours.
Do note that existing sessions will not end when a different scheduled policy becomes active - so often the schedule feature does not prevent expected access - think of Youtube here.
Also, you probably need to block VPNs etc. as users will use these to get around your firewall rules.
You can do this for many VPN type apps using Application Control category of "Tunneling and proxy services"
Thank you very much,
This was awesome, and got me started. I found some articles that explain how to do the steps. I will look into VPN's at a later time but this is a great start.
Again thanks so much, I appreciate it!