Hi, This is a result of your taking all control out of the hands of users...while it's very controlable from a sysadmin point of view, your users are obviously taken out of the loop and you wish to keep it that way.
That being said... What firewall are you using on the laptops? The device hosting the web page in the hotels your users are using is likely a Cisco BBSM (Building Broadband Service Manager) <http://www.cisco.com/univercd/cc/td/doc/product/aggr/bbsm/> I've seen these use both port 80 and HTTPS on 443. The webserver is IIS :( -scm PV:Peter VE PV> PV>Hi all, PV> PV>I have a problem that has been bothering me for quite some time now PV>All of our laptops have a personal firewall. PV>THis means that they can connect to the internet (in terms of getting an IP PV>address and do DNS name resolution) + establish a VPN tunnel into the PV>corporate network. That's it... no browsing allowed, no email reading or PV>sending allowed.... PV>When the users wants to access the internet, he has to establish the VPN and PV>use the corporate proxy server... better safe than sorry PV>The users are not able to change the firewall policy nor disable the PV>firewall... it's always running PV>The firewall is clever enough to detect when you are on the corporate PV>network (private IP + ability to resolve internal DNS names), when you are PV>on the internet (non-corporate IP address, or private ip address but not PV>able to resolve corporate internal DNS name), when you are using VPN and so PV>on... this really works well PV> PV>Some hotels offer a broadband connection... but before you can access the PV>internet, you need to connect to a website, and enter a passcode (so proper PV>billing can be done). We are blocking all access so the user cannot access PV>this website... PV>This is bothering me... how can we set things up so the user can use the PV>local broadband connection, PV>without dynamically changing the policy, PV>without allowing internet browsing access at all times.. PV>Also, keep in mind that not all websites are running on port 80... it could PV>be a different port... PV> PV>Any ideas ? PV> PV>thanks PV> PV>P PV>