As a network administrator, one of the things that makes you a master of your job is your ability to take full control of your network and dictate what can and cannot be done on it. With organizations paying heavily for internet subscriptions, users are expected to use the subscribed bandwidth judiciously for the good of the organization. This has been found to be far from the truth, as employees are in the habit of using their employers' internet to search for other jobs, stream videos on YouTube, visit Facebook, porn sites and so on. When this happens, there is little or nothing left for legitimate traffic, causing the company's operations to suffer. In this post, I will show how to permit company-allowed (legitimate) traffic while blocking all other traffic.
This of course will be done using the layer7 protocols and firewall filter rules but in a highly organized fashion. The first thing to do is to identify your company’s allowed websites. This should include your company’s website, Skype, email provider, Microsoft.com, wikipedia.org, google.com, mail.google.com, outlook, office365, and other services you may wish to permit.
See the code below, but do not forget to edit it to suit your needs.
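An added example in Python, not the post's original code: it builds a Host-header pattern from the allowed-site list and checks it against constructed HTTP payloads, so the pattern can be reviewed before it goes into a layer7 rule. `example.com` is a placeholder for the company site, Python's `re` module stands in for the router's matcher, and the 2048-byte inspection window is an assumption.

```python
import re

# Allowed sites from the post; example.com is a placeholder for the company site.
ALLOWED = ["example.com", "microsoft.com", "wikipedia.org", "google.com"]
WINDOW = 2048  # assumed number of leading bytes the layer7 matcher inspects


def build_pattern(domains):
    """Strict pattern: Host header naming an allowed domain or a subdomain of it."""
    names = "|".join(re.escape(d) for d in domains).encode()
    # subdomain labels, the domain, optional port, then the end of the header line
    return re.compile(
        rb"\r\nhost:[ \t]*([a-z0-9-]+\.)*(" + names + rb")(:[0-9]+)?[ \t]*\r\n",
        re.IGNORECASE,
    )


def naive_pattern(domains):
    """Loose pattern for comparison: unescaped dots and no boundaries."""
    return re.compile(("(" + "|".join(domains) + ")").encode(), re.IGNORECASE)


def http_request(host):
    """Constructed sample payload: the first bytes of a plain HTTP request."""
    return f"GET / HTTP/1.1\r\nHost: {host}\r\nUser-Agent: sample\r\n\r\n".encode()


def is_allowed(payload, pattern):
    """True if the pattern matches inside the inspected window of the payload."""
    return pattern.search(payload[:WINDOW]) is not None


def audit(hosts, domains=ALLOWED):
    """Return {host: (strict_result, naive_result)} for constructed requests."""
    strict, loose = build_pattern(domains), naive_pattern(domains)
    return {h: (is_allowed(http_request(h), strict),
                is_allowed(http_request(h), loose)) for h in hosts}


if __name__ == "__main__":
    # Constructed host names: wanted, unwanted, and look-alikes of allowed ones.
    samples = ["mail.google.com", "www.wikipedia.org:8080", "www.youtube.com",
               "notgoogle.com", "google.com.example.net"]
    for host, (strict, loose) in audit(samples).items():
        print(f"{host:28} strict={strict!s:5} naive={loose}")
```

The check covers plain HTTP Host headers only; on TLS connections the Host header is encrypted and this pattern will not see it.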
The final task is to create two more rules: one to drop invalid connections and another to allow established, related and new connections. These rules do not make use of layer7 protocols. For invalid connections, see below and set the action to drop.
For related, established and new connections, set the action to allow.
With this setup, the company's subscribed bandwidth will be put to good use and serve its purpose, and you, as a network administrator, will be respected and appreciated by the organisation for your efforts at improving the quality of service delivery. Please stay with me on YouTube, Facebook and Twitter.
Ashioma Michael is a BSc (Computer Science), MTCNA, CCNA, and CCNP holder with many years of industry-proven experience in network design, implementation and optimization. He has tutored and guided many professionals towards obtaining their Cisco certifications. Mike works as a senior network engineer with one of the leading internet service providers in West Africa.