Hi, we've been using NxFilter for about a year and it's been working really well. We're currently using IP-based authentication for each location we have and have DNS forwarders on our domain controllers to point to NxFilter. Our current challenge is that when people leave the office there is no filtering. We're thinking of putting the NxFilter boxes live on the internet. Can you provide some tips on how you would implement that? Is it possible to implement so the users don't have to log on and it's transparent? All of our policies are generic, but it would be nice to get a bit more granular to enhance reporting. We currently have a couple of different internal domains, and run Okta if that helps with authentication.
Implementation Question
-
I guess you are using it with Active Directory, and you put NxFilter after your DC, or your MS DNS server works as the DNS server for your users and NxFilter works as an upstream server. You need to read this first: https://tutorial.nxfilter.org/c-acti...ntegration.php
You should put NxFilter before your MS DNS server so that NxFilter can differentiate users. And then read this: https://tutorial.nxfilter.org/c-nxfi...entication.php
We have several SSO agents for transparent authentication. You can use one of them.
For remote filtering, read https://tutorial.nxfilter.org/d-nxpr...-filtering.php
-
Thanks for the quick response. Just doing some testing now. Using NxProxy I'm able to see in the logs the logged-on user of the computer. Am I correct that creating different users with logon tokens would allow me to have 3 separate policies, and it would be a matter of giving users different tokens to get the proper filtering policy? Or is there a better way to manage it when the users are remote?
-
Yes, for sure that would be the idea. The mapping to filtering policies would be as you explained it above. My question is more around the logon token. If we wanted 5 different filtering policies we would need 5 users (tokens). Those tokens would be installed against our user base and each of the 5 would determine what could be browsed for that particular token (policy). Is that a correct statement?
Do you have any agents for Mac computers?
-
Yes. You need at least 5 tokens.
We don't support macOS with NxProxy anymore. You can try DoH though. https://tutorial.nxfilter.org/h-dns-over-https.php#fi