CP on two interfaces +++


This topic contains 1 reply, has 0 voices, and was last updated by  btor 10 years, 11 months ago.

  • #41051

    btor
    Member

    Hi,

    ZS looks *very* interesting in our scenario 😉

    Does it support captive portal functionality on *two* different interfaces? We are a boarding school with separate networks for classrooms and dorm areas (one WAN IF and two LAN IFs).

    Users connecting to the dorm area network should have the ‘normal’ captive portal login web page. However, all students connecting from the classrooms are already logged on to the w2003 domain controllers. Does ZS support some kind of ‘silent login’ for authenticated domain users (assuming of course that ZS is already connected to these domain controllers’ AD)?

    What about logging? Does ZS support reporting with username and total downloads sorted by port number..?

    And finally, does it provide efficient ways to discourage creative torrent users? Currently we have problems keeping a few clever users from using most of our bandwidth…

    Thanks a *lot* for comments on these issues. I have browsed the info here, but not yet found good answers to my above questions…

    best regards

    btor

    #46558

    imported_fulvio
    Participant

    Does it support captive portal functionality on *two* different interfaces? We are a boarding school with separate networks for classrooms and dorm areas (one WAN IF and two LAN IFs).

    The current release’s captive portal only supports 1 interface. You could use the captive portal on more than one interface only by bridging them or using another router that has the captive portal as default gateway.

    Users connecting to the dorm area network should have the ‘normal’ captive portal login web page. However, all students connecting from the classrooms are already logged on to the w2003 domain controllers. Does ZS support some kind of ‘silent login’ for authenticated domain users (assuming of course that ZS is already connected to these domain controllers’ AD)?

    No, it’s not possible. You could create X.509 personal certificates for the students and use them to authenticate to the captive portal without username and password.

    What about logging? Does ZS support reporting with username and total downloads sorted by port number..?

    The captive portal log records username, IP and MAC address. The connection tracking log, if enabled, stores source IP, source port, destination IP and destination port. If you enable the web proxy with antivirus, Zeroshell also logs the URLs of the visited sites.

    And finally, does it provide efficient ways to discourage creative torrent users? Currently we have problems keeping a few clever users from using most of our bandwidth…

    Zeroshell uses Layer 7 filters and IPP2P to identify P2P and other types of traffic that are not easy to track by using TCP/UDP port numbers.
    I have no experience with BitTorrent shaping.

    Regards
    Fulvio

    #46559

    btor
    Member

    The current release’s captive portal only supports 1 interface. You could use the captive portal on more than one interface only by bridging them or using another router that has the captive portal as default gateway.

    But by bridging I cannot use separate fw rules for the two and they would have to be on the same subnet. Right..?

    No, it’s not possible. You could create X.509 personal certificates for the students and use them to authenticate to the captive portal without username and password.

    Could you please elaborate a bit on how to implement this certificate solution for ZS?

    The captive portal log records username, IP and MAC address. The connection tracking log, if enabled, stores source IP, source port, destination IP and destination port. If you enable the web proxy with antivirus, Zeroshell also logs the URLs of the visited sites.

    Can you also report internet usage (i.e. megabytes by username for the last hour, last 24 hours and last 7 days…)?

    Zeroshell uses Layer 7 filters and IPP2P to identify P2P and other types of traffic that are not easy to track by using TCP/UDP port numbers.
    I have no experience with BitTorrent shaping.

    Anyone else here having experience using the above suggestions to successfully deny torrents and PMs etc…?
    Regards
    btor
