Thread Info
  • State Suggested Answer
  • Locked Locked
  • Replies 6 replies
  • Answers 1 answer
  • Subscribers 8 subscribers
  • Views 5498 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Internet Access

BurimTahiraj

Hello,

Currently all Domain Uses access internet using the UTM IP as proxy on their browsers. There are Polices that apply to to all the Domain Uses.

There are times when outside people come to our offices and they need internet access, once they plug their laptop to our network they will get DHCP assigning our UTM ip as their gateway but they will not be able to authenticate, no prompt for username/password. Logs show that the Base Policy is blocking them. 

How do I grant them internet access without having them type UTM IP as proxy on their browser, just using the UTM IP as gateway. 

 



This thread was automatically locked due to age.
Parents
  • 0

    First off, never let guests "plug in" their devices to your corporate network. Bad practice!!

    Here's what I have setup. In addition to the Default Web Filter Profile (transparent) I also have a Standard web filter profile setup.

    Domain users, get WPAD assigned via DHCP option 252. Thus using the Standard Web filter profile. Active directory auth, SSO etc etc.

    Guests connect to my "Guest Wifi" using a router with DDWRT on it. This allows a guest wifi to be created (in addition to the corporate wifi) and the only access it has to my network is the UTM for internet. This DDWRT has it's own DHCP scope for the guest network, and does not have assign any WPAD settings, therefor guests will surf through the Transparent web filter profile, no authentication.

    Of course this method only works for Guests with wifi capable computers, but I've yet to see a person bring in a tower lol. Again, never let an unknown PC plug into your LAN.

  • 0 in reply to rsenio

    Let's say that we don't allow Guest to connect to our network we still have auditors and accountants people coming in and they need to access the same network. So, we still need to provide them internet access without applying proxy settings. 

    Can't have two Web Filter Profiles since I only have one network.

  • 0 in reply to BurimTahiraj

    To each their own. That would never happen in my environment, if someone needed something that was on my server I'd provide it for them. A few times a year this place is crawling with auditors and accountants but not once has someone said "I need server file access" Besides, you can still setup a guest network with it's on DHCP scope as I described above. And still setup filtering, and if you must, still allow access to certain servers etc.

    Alternatively, you can setup two web profiles. Again, just as I described above. Instead of using DHCP to push your wpad settings use group policy. Those that are on your domain will obtain the proxy settings and use your standard proxy web profile. Those that are not a part of the domain will not receive the GPO and use the transparent web profile

Reply
  • 0 in reply to BurimTahiraj

    To each their own. That would never happen in my environment, if someone needed something that was on my server I'd provide it for them. A few times a year this place is crawling with auditors and accountants but not once has someone said "I need server file access" Besides, you can still setup a guest network with it's on DHCP scope as I described above. And still setup filtering, and if you must, still allow access to certain servers etc.

    Alternatively, you can setup two web profiles. Again, just as I described above. Instead of using DHCP to push your wpad settings use group policy. Those that are on your domain will obtain the proxy settings and use your standard proxy web profile. Those that are not a part of the domain will not receive the GPO and use the transparent web profile

Children
No Data