Results 1 to 4 of 4
  1. #1
    Newbie
    Join Date
    Oct 2018
    Posts
    12

    Default Different filtering for kids and adults

    Hi,

    I have setup Untangle, but would like to setup different filtering for my kids. I thought about setting up separate SSID on my WAP which is a TL-WA901ND, and use a VLAN, so I can separate them but do I need to do this or is the captive portal the way to go?

    Thanks

  2. #2
    Untangle Ninja sky-knight's Avatar
    Join Date
    Apr 2008
    Location
    Phoenix, AZ
    Posts
    23,455

    Default

    It really just depends on how you want to do it. Captive Portal means logins, which means you can have policies impact users regardless of what machine they're on. But it also means people have to logout, or the wrong policy might be left over from the previous user.

    If your kids have their own stuff, and they tend to stick to just their own stuff, then you can tag devices with names, and use those to push things into policies, that's what I use for my four.

    But again, it depends on your goals, Untangle has 100 different ways to do this. Do you have any more specific ideas on what you want to happen?
    Rob Sandling, BS:SWE, MCP
    NexgenAppliances.com
    Phone: 866-794-8879 x201
    Email: support@nexgenappliances.com

  3. #3
    Newbie
    Join Date
    Oct 2018
    Posts
    12

    Default

    Thanks for the reply. I have 3 kids (2, 7, and 10) all except the 2 year old, though Im sure she will be there soon, have there own devices. Laptops, phones, tablets etc. I would just like to setup some filtering for them. I would like them having to log in and out of anything. But I would like to be able to have no filtering for my wife and me?

  4. #4
    Untangle Ninja jcoehoorn's Avatar
    Join Date
    Mar 2010
    Location
    York, NE
    Posts
    1,691

    Default

    Step one: Set up policies entries for each class of user in policy manager. It sounds like you have Kid & Adult right now, but you might soon find the oldest needs different rules from the younger children, you might want a different policy for guests and another for "infrastructure" devices (printers, TVs/TV Boxes, Wifi APs, etc). Think about it carefully and create the policy entries. You don't have to set up all the filtering right away; just get it so the place exists with the correct name.

    Also think carefully about the parent/child relationships for the polices. Unfortunately, Untangle does not have the ability to have a policy inherit, say, it's parent's Web Filter settings, and then add just few more on top of those; it's all or nothing here. However, if you want to control things by time, those are separate policies, and the inheritance stuff can be useful here.

    Step 2: Add tags for each entry in the "devices" list in Untangle. You'll need to identify each entry you see, so you know what it is. Sometimes this can be tricky for things like phones, where all you see is a model number and mac. The tags do not have to be 1:1 to match with the policy names chosen earlier. Tag the devices in a way that's makes sense for the device. For example, if you create the "Teenager" policy I suggest, you may right now want the 2 and 7 year olds in the same "Younger Kid" policy, but eventually the 7 year old will age out. This will be easier to manage if their devices are tagged separately from the 2yr-old's devices.

    Step 3: Created rules to map tags to policies. Once the tags exist, go back to policy manger and create rules to map the tags you created the policies. I know it seems like we're going back and forth a little, but I find it easier to create the policies before thinking about tags, but I also find once you start digging through devices you'll find some new things for tags you didn't anticipate if you did the tag=>policy mapping rules first.

    Step 4: Validate Policy rules via Session Viewer We haven't set up any blocking yet, but at this point we want to use session viewer just to make sure each hostname (4th column by default) is being assigned into the right policy rack (3rd column by default).

    Step 5: Configure the Apps for each Policy This is where the magic finally happens. In policy manager, go to each policy rack via the pull-down menu on the top left, open up each app you want, and start setting up the filtering. Remember, the changes only apply to new sessions, so you've pulled up some content you want to block in one window and set a rule to block it in another, it won't suddenly just stop, because that session was already classified.


    Follow these steps and no one will ever need to log in or out, but filtering will still happen.

    One file note: parents often want to set a rule along the lines of "The kids can have two hours of internet time. I don't care when it is; I just want the software to magically know when they start and stop and don't let them accumulate more than 2 hours each day."

    Unfortunately, this kind of policy doesn't work, in any filtering product. I've seen lots of stuff that claims to do this, and when you dig into the details they're always lying about their ability to enforce it accurately. The problem is the view of traffic at the gateway does not map at all to what real devices and people are doing. An un-used Facebook tab (or may any web page, these days) left open will continue to generate traffic, even when no one is around. A 30 minute netflix or youtube video will buffer all of the content in the first two minutes of watch time and not generate other traffic. The gateway just doesn't know what time you're really spending on a device.
    Last edited by jcoehoorn; 05-31-2019 at 07:30 AM.
    Five time Microsoft ASP.Net MVP managing a Lenovo RD330 / E5-2420 / 16GB with Untangle 14.1.1 to protect 500Mbits for ~400 residential college students and associated staff and faculty

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

SEO by vBSEO 3.6.0 PL2