Thanks, bad design, I agree, I got stuck with it, they were using Unix dumb
terminals at the remote site connecting via tcp IP using Gandalf routers,
some of their terminals used Rs232 connections to the Unix server, before we
started setting up Windows networking and I wasn't allowed to touch their
intersite infrastructure, additionally, the Unix program vendor(s), they had
2, did not want to cooperate in the LAN integration . They had fixed
non-private Ip addresses assigned to each user , no internet connectivity,
they limited the number of user access by managing the available IP
addresses internally on the Unix server, they told us to go fly a kite when
we asked them to use adresses in the 192,168.1.X range internally etc... In
short, a real nightmare and we're still stuck with their idiocy until a new
windows software is installed to replace the old one and the client dumps
the old unix stuff forever. We did manage to work around it all and keep it
functioning but the old way infrastructure is still there and always causing
us headaches whenever the customer asks us to add something new. Oh well, I
guess that's what I get paid for ;-)
Thanks for your input.
Bob
"Phillip Windell" <@.> wrote in message
news:(E-Mail Removed)...
> "Bob" <(E-Mail Removed)> wrote in message
> news:uF$(E-Mail Removed)...
>> music, looking at sport sites etc.. Because of abuse of bandwidth they
>> experience loss of productivity. It slows legitimate user programs down,
>> using both internal and external bandwidth. Owners want it stopped.
>>
>> But the branch offices use a browser to vconnect to web based program
>> residing on a w2003 server for legitimate business stuff (Scheduling,
>> billing etc..) and they use the browsers to access some of their outside
>> supplier's programs. Also we do remote tech support to their users with
>> Radmin that needs some ports to be left open.
>>
>> They have a Watchguard router at their main office.
>>
>> How can we prevent abuse of their bandwith by their employees?
>
> Have a Firewall or Proxy at each site. A single Watchguard box at one
> location isn't going to help,...you need something at each
> site,...preferably matching brands/models. Once you have that, you can
> restrict HTTP/HTTPS (or whatever else) to be allowed only to/from specific
> places.
>
> Once these devices are in place, then you will probably need VPN because
> these firewall/proxy devices will sever the loose "flippant-freewheeling"
> type of inter-office communication you have between sites. It will have
> to
> be re-established by the use of VPN. They may also cause you to have to
> re-address the LANs depending on your situation (like if you run public
> IP#s). To make a long story short,...you have a bad WAN design,...the
> firewall/proxy devices are part of the re-design, but not all of it.
>
> --
> Phillip Windell [MCP, MVP, CCNA]
> www.wandtv.com
> -----------------------------------------------------
> Understanding the ISA 2004 Access Rule Processing
> http://www.isaserver.org/articles/IS...cessRules.html
>
> Microsoft Internet Security & Acceleration Server: Guidance
> http://www.microsoft.com/isaserver/t...dance/2004.asp
> http://www.microsoft.com/isaserver/t...dance/2000.asp
>
> Microsoft Internet Security & Acceleration Server: Partners
> http://www.microsoft.com/isaserver/partners/default.asp
> -----------------------------------------------------
>
>
>
Similar Threads
Linear Mode
