This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

ASG320 and a private and public wireless network.

I would like to have a public and private wireless network with the Astaro doing the content filter for both. I was planning on using the transparent proxy mode with ssl scanning enabled. I will also push out the cert to the organizations pc's using gpo. How would I enble the public machines to receive the cert to allow for scanning of the http/s content? Does anyone have a simular setup? Sorry if this message has been posted in the incorrect forums.

Thanks,

John

This thread was automatically locked due to age.

Parents

0 BarryG over 16 years ago

The only way to automatically push certs to clients that I know of is through the Windows Group Policy system, which is impossible for a public network.

Also, I can't imagine that many public users would be willing to install a certificate to let a 'stranger' read their SSL traffic.
I certainly wouldn't.

Are you sure you need to do SSL scanning for the public clients?
Is this to keep employees from bypassing security restrictions by using the public network?

Barry
Cancel
Vote Up 0 Vote Down

Cancel

Reply

0 BarryG over 16 years ago

The only way to automatically push certs to clients that I know of is through the Windows Group Policy system, which is impossible for a public network.

Also, I can't imagine that many public users would be willing to install a certificate to let a 'stranger' read their SSL traffic.
I certainly wouldn't.

Are you sure you need to do SSL scanning for the public clients?
Is this to keep employees from bypassing security restrictions by using the public network?

Barry
Cancel
Vote Up 0 Vote Down

Cancel

Children

0 BAlfson over 16 years ago in reply to BarryG

Wait a minute. None of us thought to remember that the selection of HTTPS scanning can be done by profile, and that profiles are assigned by IP address. John, you don't have a problem!

Cheers - Bob
Cancel
Vote Up 0 Vote Down

Cancel
0 BarryG over 16 years ago in reply to BAlfson

Bob, I think he wants to scan everyone's https traffic.

Barry
Cancel
Vote Up 0 Vote Down

Cancel
0 jburke over 16 years ago in reply to BarryG

Bob, I think he wants to scan everyone's https traffic.

Barry

I don't care too much about blocking anything on the public wifi. I will have two ssid's, e.g. ssid: private ssid: public. I still will have wpa enabled on the public. Since this is a school district, someone can give outside member district teachers the wpa key when it is needed. I can change the key on a monthly basis. It would be nice not allow, IM/P2P, video type traffic though.

Thanks for your input guys.

-John
Cancel
Vote Up 0 Vote Down

Cancel
0 jburke over 16 years ago in reply to BAlfson

Wait a minute. None of us thought to remember that the selection of HTTPS scanning can be done by profile, and that profiles are assigned by IP address. John, you don't have a problem!

Cheers - Bob

So, I can assign content filter setting per subnet? Is there any examples of these setups on anyone website or Astaro's site???
Cancel
Vote Up 0 Vote Down

Cancel
0 BAlfson over 16 years ago in reply to jburke

Each HTTP Profile corresponds to a subnet.

Start here: https://community.sophos.com/products/unified-threat-management/astaroorg/f/55/t/43932

Cheers - Bob
Cancel
Vote Up 0 Vote Down

Cancel