block users internet access 2

[JacobTechy]

I have a user who is adding a gateway route to get access to the internet. I caught him using the internet when he is not suppose to. I am the network admin and I need to block him from doing this. I have already gave him a verbal warning. How can I prevent him from browsing the internet without actually going in front of his computer.

I have a domain setup that he has to log into and we are using a pix 515E firewall and windows 2000 server DC. I only want him to have access to our intranet.

 

[pgaliardo]

Have you considered using a proxy server? Then set up your firewall to only allow port 80 and 443 traffic out from the proxy server. Set up a group policy so that users have to use the proxy server for Internet access. Then, you should be able to deny that user acess from the proxy server. Once you set up your firewall to only allow Internet traffic from the proxy server no other machines can access the internet.

 

[smah]

I would expect that the PIX is perfectly capable of doing the task you require.

 

[CiscoGuy33]

JacobTechy,

Yes with that PIX you can do anything you like to block him and know when he is trying!

Set up an ACL in the PIX to block/deny all

http://www/port

80 traffic to his IP address or even better only permit traffic to the intranet and log the events.

Then when he does it agin formally write him up and attach the log file, then the next time you can fire him!

Just my thoughts!

E.A. Broda
CCNA, CCDA, CCAI, Network +

 

[JacobTechy]

I will read up on how to setup an ACL on the pix. If I am at his computer and would like to get windows updates from the internet or check other sites is it easy to enable the internet again.

 

[JacobTechy]

No our company has not really had to many problems with internet abuse just this one person who I am trying to deal with myself rather then appoaching his manager and also facing viruses, and other IT related headaches.