I have a situation where I have installed a St. Bernard iPrism Webfilter at our workplace. The appliance works quite nice and so far I am happy with it. One side issue that came up as part of the ongoing set up and configuration was how I would deal with outside sales members who use laptops and are in and out of the building and therefore do not sign on to the domain. I still want to filter these people and I would like to be able to identify their traffic. My question does not apply to the iPrism device or configuration, it is just provided as background knowledge for the actual question:
I believe I can accomplish what I need by assigning an IP statically to these machines. But since they are in out of my network I cannot truly static them. What I can do is set up a reservation in DHCP and assign a MAC to an IP in the reservation. By doing this they should always have the same IP when connected to our network and if they always have the same IP here I will be able to identfy their traffic and assign that traffic to them in the iPrism.
Here are my questions:
1) These laptops have two Ethernet adapters, one for the LAN connection and one for the wireless adapter. When in our building they may connect to one or the other; they could be in an office or floating about the building. Am I really going to have set aside two IP addresses for each laptop computer? Maybe its just my frugal nature and I should not care, I see DHCP is handing out two IPs for them anyway as is.
2) I have always been surious about this: when there are two adapters in a machine, one wirelless and one one cable connected LAN, and both are connected - which one is actually carrying the traffic? Is traffic split or what exactly is happening? Does one always take precedent?
3)Is what I am doing in 1 above sound or is there a better way for me to deal with this?
This Question has been solved and asker verified All Experts Exchange premium technology solutions are available to subscription members.
Experts Exchange has been collecting answers to technology questions since 1996…3 million and counting! If you have a question, chances are we already have your answer.
If you can't find the exact answer you're looking for, ask our exclusive community of 50,000 experts. You’ll get a personalized answer from a trusted professional.
Thousands of free tech tips, tricks, how-to’s and tutorials are available in our peer reviewed articles section. See for yourself how smart our experts are, no login required.
Save solutions to your questions, answers you’ve discovered through searching plus helpful articles in your personal knowledgebase for easy future access.
Access the answers to your technology questions today.
30-day free trial. Register in 60 seconds.
Members of the expert community talk about why the experience at Experts Exchange is different than what you will find anywhere else.
Try it out and discover for yourself.
30-day free trial. Register in 60 seconds.
Join the community of experts here and help other tech pros by answering question in your area of expertise. You can earn FREE access to all Experts Exchange's premium features and resources.
Alternative solution : ensure the authenticated iPrism sessions using domain credentials are set to let say 720 mins and let the users enter their domain credentials at their first attempt to access the internet. They will not have to do it again for the next 720 mins.
I think that will give you flexibility and simplicity without requesting too much from the users (not mentioning the fact that they may refrain some abuse).
Just my opinion and experience...
Business Accounts
Answer for Membership
by: Magim_ITPosted on 2009-08-18 at 01:45:00ID: 25121062
Hi,
1) yes, you will have to reserve two IP's for each laptop (one bind with LAN MAC and other with wireless MAC address)
2) you may have more than one IP connectivity (multiple ethernet ports, wireless, dialup etc) to the network but can have only one default gateway. Traffice will flow from the port whichever is connected at last.
3) we are using Fortinet products for web filtering, they have client called forticlient who installs all the policies locally and take updates from the FortiManager. so even if the laptop users are at home or outside office they still have to follow the office policies for surfing the internet. when they came to the office FortiClient send all the data to FortiAnalyzer for preparing the reports.