Ron Boetger said:
I just need to block the 3 PCs in the production area, NOT the PCs in
the main office.
Thanks
As hinted, you're probably better off doing this via fixed IPs and a
hardware firewall unit. Set the systems to fixed IPs and don't allow
anything that isn't on an approved list of addresses to get external network
access. Yes, this will be a problem for visitors with laptops, but that
can be worked around with an extra wireless router.
Another simple and completely effective way to do this is to physically
separate those specific systems from external networks. Give them their own
router and their own resources, but just don't connect that router to the
external network - don't connect its WAN port to the main router. This
removes any physical possibility of browsing or any other external network
activity.
If you have to do something like update antivirus definitions or apply
updates, just plug that router into the main network, do what you need to
do, and unplug the router again.
This is exactly what I did to connect a number of point-of-sale systems that
have to be networked to function, but as they contain customer information
there cannot be *any* physical possibility of remote access. It's very
simple and very effective, and can be very inexpensive.
HTH
-pk
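
The approved-address approach from the reply above, as an added example that is not part of the original post: an nftables ruleset for a Linux machine acting as the firewall between the LAN and the internet. The interface names (`lan0`, `wan0`) and all addresses are assumptions, constructed for illustration.

```nft
# Added example, not from the original thread.
# Assumptions: lan0 = internal interface, wan0 = uplink,
# office PCs hold fixed addresses 192.168.10.11-13,
# production PCs hold fixed addresses 192.168.10.21-23.

table inet lan_egress {
    # Only hosts in this set may reach the external network.
    # The production PCs are deliberately absent from it.
    set approved_hosts {
        type ipv4_addr
        elements = { 192.168.10.11, 192.168.10.12, 192.168.10.13 }
    }

    chain forward {
        # Default-deny: anything not explicitly accepted is dropped,
        # so a new or visitor machine gets no external access either.
        type filter hook forward priority 0; policy drop;

        # Return traffic for connections an approved host opened.
        ct state established,related accept

        # Approved office PCs may open connections to the outside.
        iifname "lan0" oifname "wan0" ip saddr @approved_hosts accept

        # Everything else from the LAN is counted, logged and dropped.
        # The log prefix makes blocked attempts easy to find later.
        iifname "lan0" oifname "wan0" counter log prefix "egress-denied " drop
    }
}

# Note: filtering by source address only holds while the production
# PCs keep their assigned addresses, so users on those machines should
# not be able to change the network settings.
```

Load it with `nft -f <file>` and review the counters with `nft list table inet lan_egress`. LAN-to-LAN traffic that stays on the switch never passes this chain, so the production PCs can still reach local resources.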