We currently use Novell Zenworks Endpoint Security (ZES, a dead product) to control users' network connections. When ZES detects the user is connected to a non-workplace network (at home, at a hotel, anywhere other than our private network), it gives them a couple minutes to hit any internet address before locking it down to just one address (our Citrix Access Gateway page). This allows them time to accept the agreement that a hotel, motel, coffee shop, etc. might have.
I'm having no luck thinking of a way to do this with Sophos firewall. I'm using DNS lookup for the location detection. Once it can't hit our main domain controller, it puts you in secondary location and blocks all web traffic except for the CAG login page. Therefore, you can't hit the hotel's agreement page and thus get no internet connectivity.
Do hotels use a central location for their websites? If it was local to the hotel, I could possibly allow LAN traffic without it causing much risk. However, I believe hotels have external sites for you to hit "accept terms" on, so allowing LAN wouldn't help.
Maybe there is a common list of hotel and coffee shop domains that I could add to the allowed list.
We could force our traveling users to all have MiFi devices so they wouldn't rely on the archaic (in my opinion) agreement pages of hotels. But we have some customers in remote places of Wyoming, Montana, and Idaho where there is no Verizon connection, or it's a weak 3G connection, but the hotel might have decent internet.
Any ideas would be great, thanks!