Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 6 replies
  • Subscribers 2 subscribers
  • Views 1253 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

ASG320 and a private and public wireless network.

jburke
I would like to have a public and private wireless network with the Astaro doing the content filter for both. I was planning on using the transparent proxy mode with ssl scanning enabled. I will also push out the cert to the organizations pc's using gpo. How would I enble the public machines to receive the cert to allow for scanning of the http/s content? Does anyone have a simular setup? Sorry if this message has been posted in the incorrect forums.

Thanks,

John


This thread was automatically locked due to age.
Parents
  • 0
    The only way to automatically push certs to clients that I know of is through the Windows Group Policy system, which is impossible for a public network.

    Also, I can't imagine that many public users would be willing to install a certificate to let a 'stranger' read their SSL traffic.
    I certainly wouldn't.

    Are you sure you need to do SSL scanning for the public clients?
    Is this to keep employees from bypassing security restrictions by using the public network?

    Barry
Reply
  • 0
    The only way to automatically push certs to clients that I know of is through the Windows Group Policy system, which is impossible for a public network.

    Also, I can't imagine that many public users would be willing to install a certificate to let a 'stranger' read their SSL traffic.
    I certainly wouldn't.

    Are you sure you need to do SSL scanning for the public clients?
    Is this to keep employees from bypassing security restrictions by using the public network?

    Barry
Children
  • 0 in reply to BarryG
    Wait a minute.  None of us thought to remember that the selection of HTTPS scanning can be done by profile, and that profiles are assigned by IP address.  John, you don't have a problem!

    Cheers - Bob
     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • 0 in reply to BAlfson
    Bob, I think he wants to scan everyone's https traffic.

    Barry
  • 0 in reply to BarryG
    Bob, I think he wants to scan everyone's https traffic.

    Barry




    I don't care too much about blocking anything on the public wifi. I will have two ssid's, e.g. ssid: private ssid: public. I still will have wpa enabled on the public. Since this is a school district, someone can give outside member district teachers the wpa key when it is needed. I can change the key on a monthly basis. It would be nice not allow, IM/P2P, video type traffic though.

    Thanks for your input guys.

    -John
  • 0 in reply to BAlfson
    Wait a minute.  None of us thought to remember that the selection of HTTPS scanning can be done by profile, and that profiles are assigned by IP address.  John, you don't have a problem!

    Cheers - Bob


    So, I can assign content filter setting per subnet? Is there any examples of these setups on anyone website or Astaro's site???
  • 0 in reply to jburke
    Each HTTP Profile corresponds to a subnet.

    Start here: https://community.sophos.com/products/unified-threat-management/astaroorg/f/55/t/43932

    Cheers - Bob
     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
Cookie Information Banner