Client firewall = CyberArmor from Infoexpress

Taking control out of the hands of the users is generally speaking the safest solution... but not always practical... I know... but as I said before: better safe than sorry ;-)

----- Original Message -----
From: "shawnmer" <[EMAIL PROTECTED]>
To: "Peter VE" <[EMAIL PROTECTED]>
Cc: <[EMAIL PROTECTED]>
Sent: Saturday, December 07, 2002 1:23 AM
Subject: Re: broadband connections in hotels

> Hi,
>
> This is a result of your taking all control out of the hands of
> users...while it's very controllable from a sysadmin point of view, your
> users are obviously taken out of the loop and you wish to keep it that
> way.
>
> That being said...
>
> What firewall are you using on the laptops?
>
> The device hosting the web page in the hotels your users are using is
> likely a Cisco BBSM (Building Broadband Service Manager)
> <http://www.cisco.com/univercd/cc/td/doc/product/aggr/bbsm/>
>
> I've seen these use both port 80 and HTTPS on 443. The webserver is IIS :(
>
> -scm
>
> PV:Peter VE
>
> PV>
> PV>Hi all,
> PV>
> PV>I have a problem that has been bothering me for quite some time now
> PV>All of our laptops have a personal firewall.
> PV>This means that they can connect to the internet (in terms of getting an IP
> PV>address and do DNS name resolution) + establish a VPN tunnel into the
> PV>corporate network. That's it... no browsing allowed, no email reading or
> PV>sending allowed....
> PV>When the user wants to access the internet, he has to establish the VPN and
> PV>use the corporate proxy server... better safe than sorry
> PV>The users are not able to change the firewall policy nor disable the
> PV>firewall... it's always running
> PV>The firewall is clever enough to detect when you are on the corporate
> PV>network (private IP + ability to resolve internal DNS names), when you are
> PV>on the internet (non-corporate IP address, or private IP address but not
> PV>able to resolve corporate internal DNS name), when you are using VPN and so
> PV>on... this really works well
> PV>
> PV>Some hotels offer a broadband connection... but before you can access the
> PV>internet, you need to connect to a website, and enter a passcode (so proper
> PV>billing can be done). We are blocking all access so the user cannot access
> PV>this website...
> PV>This is bothering me... how can we set things up so the user can use the
> PV>local broadband connection,
> PV>without dynamically changing the policy,
> PV>without allowing internet browsing access at all times..
> PV>Also, keep in mind that not all websites are running on port 80... it could
> PV>be a different port...
> PV>
> PV>Any ideas?
> PV>
> PV>thanks
> PV>
> PV>P
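
The location detection described in the original question (private IP plus the ability to resolve internal DNS names), sketched as an added example that is not part of the thread and is not CyberArmor's own logic. The probe name, its expected address, the service labels and the "corporate" policy row are assumptions; comparing the DNS answer against an expected address goes beyond what the post describes.

```python
import ipaddress
import socket

RFC1918 = [ipaddress.ip_network(n) for n in
           ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Assumed values for this example; not taken from the thread.
PROBE_NAME = "intranet.corp.example"
PROBE_EXPECTED = ipaddress.ip_address("10.20.0.5")

# Services allowed per detected location. The "internet" and "vpn" rows
# follow the post; the "corporate" row is an assumption.
POLICY = {
    "internet": {"dhcp", "dns", "vpn"},
    "vpn": {"dhcp", "dns", "vpn", "proxy"},
    "corporate": {"dhcp", "dns", "proxy"},
}


def system_resolver(name):
    """Return the first IPv4 address for name, or None if it does not resolve."""
    try:
        return socket.gethostbyname(name)
    except OSError:
        return None


def classify(local_ip, vpn_up=False, resolver=system_resolver):
    """Map the current network state to 'vpn', 'corporate' or 'internet'."""
    if vpn_up:
        return "vpn"
    addr = ipaddress.ip_address(local_ip)
    if not any(addr in net for net in RFC1918):
        return "internet"  # public address: cannot be the corporate LAN
    # A private address alone proves nothing: hotel NAT hands out RFC 1918
    # addresses too. Require the internal name to resolve, and to the
    # expected address, so a hotel DNS server that answers every query
    # is not mistaken for the corporate one.
    answer = resolver(PROBE_NAME)
    if answer is not None and ipaddress.ip_address(answer) == PROBE_EXPECTED:
        return "corporate"
    return "internet"


def allowed(location, service):
    """True if the policy for this location permits the service."""
    return service in POLICY[location]
```

On a hotel network the laptop classifies as "internet", where `allowed("internet", "http")` is false; that is why the billing page in the question is blocked.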