Rules versus Family features
I'm trying to configure a Firewall Gold unit in a small church/school setting. As you might imagine, we'd like to implement maximum protection for our children (and any temporary users on our network). Unfortunately, Firewalla's Family capabilities (i.e., Safe Search and Family Protect) appear to be a little too strict for our teachers, often blocking them from playing run-of-the-mill YouTube instructional videos. So...what I'd like to do is lock down the entire network and then "allow" certain activities on particular devices (i.e., PCs/laptops I know are being used by our teachers).
With Rules, you can either allow or block activities from your network. On the other hand, it appears you can only block activities from your network if you select a "Family" feature (i.e., Family Protect or Safe Search).
How have you gotten around this limitation?
Thanks in advance.
Bill
-
Safe Search restrictions are really Google restricting content based on the feedback or description given by the content producer. (for example, content not right for kids). Since this restriction is done inside of google, it is not possible for firewalla to give exceptions.
Alternatively, you probably can block porn or ... other categories manually. But ... those won't block youtube videos, since those can only be filtered by safesearch.
-
I understand your point that Safe Search is, in effect, is a third-party tool. That makes the logic more complicated, but I'd still argue it's possible. Let me try an example (in which SafeSearch can either block or allow, unlike today):
Let's say I first save a Firewalla rule that applies Safe Search to my entire network. I then add a second rule that says, in essence, that it's safe to skip Safe Search for all PC's with an IP address of 192.168.1.1 through 192.168.1.10. Lastly, my principal (using a workstation with a 192.168.1.8 IP address) issues a Google query.
Since Firewalla knows which PC is issuing the request, could it not check to see whether the IP address was in the blocked or allow address space and pass the query over to Google accordingly (i.e., in this case, since the principal is in the allowed space, the request would be fed to Google's unfiltered search engine. In the case of a student, however, with an IP address outside the permitted range, the request would be fed to Google's version of Safe Search)?
Thanks.
Bill
-
Hi Bill,
you are managing a network for school / curch. May i ask, why you don't split the network into smaller pieces using switches and accesspoints which support VLAN? So you can generate a network for teacher nearly unfiltered and a network for students and another one for guests. So you have at least three different areas with different ways to restrict / filter traffic. And you'll protect the seperated networks itself. The teachers devices are protected by being accessed through a device from students or guests.
Firewalla gold can help you to split the network into seperated VLAN. How to, actually i don't know because i don't have firewalla gold. But you can do that. Using switches and accesspoints which are supporting VLAN, you can set up the network like this.
Another idea. Firewalla is using groups and rules. you can set up rules for groups. And you can group your devices. Maybe new device quaranteen will be interesting for you? new devieces will be in quaranteen group which blocks all internet-traffic. you can move the devices yourself to another group (e. g. teacher or students) and get the rule-set working for that group.
But i'll prefer to split the network to get some more security.
mozarella
Please sign in to leave a comment.
Comments
4 comments