Answer for:

- updated

Message 3 of 25

View entire thread
0 Votes

IMO all the suggested ideas are valuable, but they don't cover 100% what efe.egilmez looks for. I had the same situation some time ago. Now I'm using "Barracuda WebFilter 210"-WEB Firewall. IMO this is your 100% solution. There are a lot of things to be improved in this device, but after you spend some time it will work good for you. You could apply any Internet-usage polices against your "Authorized" or "Unauthorized" users. So, even someone steals an IP in your LAN he will be "Unauthorized" user and his access to Internet will be controlled automatically by you (Barracuda). On the other hand I assume you restrict such user from logging to your domain. As result he will stay "In the middle of Nothing" being unable to do nothing more in your LAN. In addition Barracuda is compatible with LDAP so it could use your Domain Usernames and authorization. And it is easy for administration (GUI). The model 210 is the lowest class and is not expensive. There are higher class models (310, 810) and other vendors like Cisco, Symantec offer their (probably better) solutions, but I'm not that familiar with them. I think this is good example for solution it such situation. Especially if you combine it with the Switch-port MAC-binding solution proposed earlier by Gerald.Alaerds.

Hope this helps you!