web filter and firewall?!

[esam]

Please,If Possible someone explain me how to configure this Scenario:

Prevent all users from accessing to the Internet Exception two sites are used for business then allow some users to gain access to the full Internet then allow some users to gain access to the Internet Exception Social networking sites?

Is DHCP on my domain controller(windows server 2008) is better or on Zentyal?

Thanks in advance

[stuartiannaylor]

Yeah its very possible.

If I was you I would download http://download.virtualbox.org/virtualbox/4.1.20/VirtualBox-4.1.20-80170-Win.exe and run up a VM.

You will have to learn how to join to the windows server. Synchronize users.

http://doc.zentyal.org/en/directory.html#configuring-zentyal-as-a-slave-of-windows-active-directory

Proxy settings

http://doc.zentyal.org/en/proxy.html

[esam]

Thanks brother 

Is DHCP on my domain controller(windows server 2008) is better or on Zentyal firewall?

If you don't mind may you give me the steps just steps without explain?

[stuartiannaylor]

DHCP, DNS, Kerberos I think is tied on the AD controller so keep that all on there.
Anyway it will not make things any "Better"

But seriously that is a huge one and sort of goes past a boundary.
If you want remote administration then there are members who will.

Download the Iso http://www.zentyal.org/downloads/
http://download.virtualbox.org/virtualbox/4.1.20/VirtualBox-4.1.20-80170-Win.exe
Run a VM

You need to do some reading as much needs consideration to your network topology.

Try the links supplied as a first source.

Stuart

[christian]

1 - I really don't see why running it in a VM will help solving this specific request. As general approach VM might be OK... or not. It really depends on what you intend to achieve.

2 - Profiling you intend to apply is not that easy. If I summarize, you want:
  - one group authorized to 2 URLs only.
  - one group authorized to all URLs but social networks (BTW, are you able to list all these so called "social network", I mean to list URLs  )
  - one group authorized to everything

This mean you need at least:
  - non transparent proxy
  - 3 different filter profiles
  - 3 different user groups

- for the first filter profile, tick the "Block not listed domains and URLs:" checkbox and add your two URLs in the list of autorized URLs
- for the second filter profile, use default settings but add (denying) URL of social networks you want to prevent
- third one is straightforward 
- be sure default behaviour is not to authorize outgoing flow... 

[stuartiannaylor]

Its just my modus operandi when evaluating software.

Just makes things easy. Do a couple of things make a clone.

Its just my suggestion but when tinkering and evaluating, set up a virtual machine.
Bridge the NICs rather than NAT.
Create clones in steps and you can hop between them to see where your problems arise.

 

[esam]

thanks brothers, I'll try it today then will reply you 

[esam]

What about DHCP?!

[christian]

First I would suggest that you - if possible - address on topic per post. This will make it easier for others to read and follow.

Then regarding DHCP, I don't understand what you mean with such question 
Microsoft DHCP server will offer more options as Zentyal integration does not expose all parameters in order to make it simple and easy.
On the other hand, using DHCP server linked to you DNS, gateway and FW may make you life easier.

Because of this, basic question like "which one is best" doesn't really make sense until you provide more inputs and background that could help to make the right decision.

[esam]

I'll do it next time 

so you Prefer to make DHCP on Microsoft DHCP server?

I found there HTTP proxy and Packet filter which one i have to configure it?

Thanks in Advance 

[christian]

No, you don't understand.
I do not prefer Microsoft DHCP server and I will probably be the last one promoting Microsoft solution when there is an alternative.
My point was to say that your question is pretty meaningless without any context.

Depending on your environment, Microsoft DHCP server might fit better than Zentyal or whatever else.

I'll do it next time 

however, you start here another topic within this topic 

I found there HTTP proxy and Packet filter which one i have to configure it?

and here again your question is, to me, meaningless  sorry for being so harsh 
It's like if you were asking "shall I paint it in blue or drink a beer?"
What do you intend to achieve?

If I can try an advice, read some technical literature explaining concepts before moving further ahead 

some hint: HTTP proxy handles HTTP flow only while packet filter permits to control different protocols but will never offer proxy mechanism. These are very different tools. You will most likely need both, depending on your goal, of course 

[esam]

Hi christian, If i did what you wrote in reply #4 will be no need to configure firewall---->packet filter

also there from

filter profiles-----> there is option called (threshold) for what that?!!

[christian]

Please start reading this and also this and that.
Once you understand what it means and how it works, forget about "transparent proxy" because it doesn't fit your requirements and apply what I suggested above.

[stuartiannaylor]

Esam,

your doing a great job and I must applaud Christian.

Esam there is this little thing called karma you owe Christian a few.

Your getting there but please remember the documentation.
Its not just about you learning and us not having to tell you.

The documentation is structured and have certain key words and praises.

So looking at the documentation quote the chapter and whilst we are on this matter we should really provide more resolution so users can pin point items more clearly from the documentation

That is a thought of my own.

Anyway filter threshold is how strict the filter is. A mild filter might let bum or tit through but anything that borders on the pornographic.
It all depends on your audience and site policy.

I have a pet annoyance of adoobe flash "Flash" seems to mean much more to some than it means to me.

Have a read of the site documentation and if you are still struggling we are here to help.

PS remember Christians Karma points.

[esam]

ٍSo What do you prefer to configure for my network  HTTPS proxy or Packet filter?coz I think they will not work togother??

I read that documentation but they just talk about http proxy! nothing about packet filter?!

I'm so sorry for many Questions but this new project and the company want me finish it soon as possible!