?
Solved

Force start page in browser to Appropriate Use Policy?

Posted on 2006-05-31
15
Medium Priority
?
1,175 Views
Last Modified: 2008-03-04
I'm looking for a way to force the first page that is seen by any user opening a browser. I've seen it in hotels, but never been able to figure out how they do it.

I want the first page the browser opens to be our Appropriate Use Policy. I know how to do this through AD, but I want it to work like it would if I walked in off the street into a hotel and plugged in my laptop. How do they force your browser to that start page?

Thanks,
RushB
0
Comment
Question by:RushB
  • 4
  • 3
  • 2
  • +2
13 Comments
 
LVL 10

Accepted Solution

by:
Sorenson earned 500 total points
ID: 16799007
The easiest / cheapest way that I have found to do this is to use m0n0wall http://www.m0n0.ch/wall/downloads.php and configure the captive portal page portion of it.  The m0n0wall will need to be used as a firewall, but does not need to do NAT (although it will do it by default).  I have this configured for the public sides of our wireless to display an agreement page before users are allowed access.  There is a good article here: http://www.tomsnetworking.com/2004/09/29/how_to_monowall_portal/ on how to configure it.

If you need a commercial grade product, I have setup and configured the cisco broad band service manager (BBSM) to do the same thing.  This product can be used to connect into hotel billing systems and has a more robust feature set, especially if you are using cisco network hardware.  It can be found here:  http://www.cisco.com/en/US/products/sw/netmgtsw/ps533/index.html
0
 
LVL 26

Expert Comment

by:Leon Fester
ID: 16799167
um? what about setting the homepage in the browser options?

It's free and it works.

in IE. Click
tools,
Internet Options,
Under the General Tab.
Set the required link as your Homepage Address.

In Firefox it's pretty similar
Tools,
Options,
Set the required link as your Locations
0
 
LVL 3

Expert Comment

by:1_UP
ID: 16799278
dvt_localboy,

No offense bro...but what he means is he wants the page to display all the time, period, whenever any computers plugs into his network...whether he has immediate control over that machines local settings or not...
**********************
RushB,
Many firewall/routers offer the feature of opening a whole seperate page with an Appropriate Usage policy(or whatever you want there) that the user has to accept before being allowed to access the internet. This is what I would suggest, assuming you have it in your budget. Sonicwall offers this on the TZ-170 and above I think, though it is not the cheapest solution, it does offer alot of extra security/monitoring etc...I am sure many other brands offer something comparable.

Hope this helps,

1_UP
0
What is SQL Server and how does it work?

The purpose of this paper is to provide you background on SQL Server. It’s your self-study guide for learning fundamentals. It includes both the history of SQL and its technical basics. Concepts and definitions will form the solid foundation of your future DBA expertise.

 
LVL 26

Expert Comment

by:Leon Fester
ID: 16799390
oops sorry my bad...i didn't read thoroughly

slap@me
0
 
LVL 10

Expert Comment

by:Sorenson
ID: 16799415
as an addition...m0n0wall does not need to be the only firewall used.  I use it behind ASA appliances to keep the "public" traffic completely seperate from my internal traffic.
0
 
LVL 3

Expert Comment

by:1_UP
ID: 16799501
dvt_localboy,

No prob, man...happens.

1_UP
0
 
LVL 3

Author Comment

by:RushB
ID: 16799525
I have a Fortinet there, but can't find that in the options. I have a Cisco 565 cache engine, but can't find anything there either. Got a 3640 router, and a 6509 behind it, can't find anywhere to do it there either. The Fortinet firewall seems like the logical place, but I haven't been able to find a place to do it. Is there a way with any of the equipment I already have?

Cisco 3640->Fortinet 300->565 Cache Engine->Cisco 6509->Win 2k3 servers doing DNS and DHCP.

Thanks,
RushB
0
 
LVL 3

Expert Comment

by:1_UP
ID: 16799831
RushB,

I searched around on each of the units info online, but I couldn't find anything relating to page delivery...also are your user required to log-in to any of the units(locally or through RADIUS) as they come on the network??? If so then the unit where login takes place is where to look...

Sorry I couldn't find anything about your specific equipment :(

1_UP
0
 
LVL 13

Expert Comment

by:ScooterAnderson
ID: 16807758
Hmmm... I'm taking a variation on dvt's idea, but automating it through AD... if all the clients are part of a Windows AD Domain.  --without having to configure network hardware or purchase new hardware.

Big Pic:  Point IE (through a group policy) to use a local "Acceptable Use" html file at IE startup (Default Webpage).

1.  Create an "Acceptable Use Policy" html file and place it on an accessable network share.
2.  Tweek logon scripts to copy the "Acceptable Use Policy" file to the local computer in a standardized location for each computer (say, c:\winnt\aup.html)
3.  Create a Group Policy (Domain Policy) to tweek IE to force the default web page to point to the local "aup.html" file on opening IE.

This policy would continue to be applied if a laptop is in the office or out of the office...

Hope it helps,
Scooter
0
 
LVL 3

Author Comment

by:RushB
ID: 16809773
That's what I am doing currently, but I want to get those laptops that a guest might bring in to my district. So I need a way to throw up the AUP to those not in AD.

Thanks,
RushB
0
 
LVL 13

Expert Comment

by:ScooterAnderson
ID: 16809787
errrr... sorry.  Need to work on my question reading skills...
0
 
LVL 3

Expert Comment

by:1_UP
ID: 16828467
I had another thought...I bet a proxy server would be the easiest way to go(assuming you have'nt figured out a way to do it on your firewall)...

1_UP
0
 
LVL 10

Expert Comment

by:Sorenson
ID: 16841796
m0n0wall will allow you to do it without changing anything on the workstation.  All of the AD - IE solutions are too dependant on items you do not control.  The depend on either control of the workstation or forcing a browser type.  A proxy server would require settings to the browser, unless it is an in-line proxy, in which case you will break all sorts of other internet access.  There are other products that do the captive portal, however m0n0wall is free, and is fairly well documented.  It does not require any particular hardware, just an old pc with two nic cards (bootable ISO is available for download with configs being saved on a floppy disk)...  I am very familar with fortinet and the cisco products and the ones you have do not allow the captive portal configuration, however depending on the sup modules in the 6509, you could use policy based routing to get the internet requests to go through the m0n0wall to use it as the solution.
0

Featured Post

Upgrade your Question Security!

Add Premium security features to your question to ensure its privacy or anonymity. Learn more about your ability to control Question Security today.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This program is used to assist in finding and resolving common problems with wireless connections.
How to fix a SonicWall Gateway Anti-Virus firewall blocking automatic updates to apps like Windows, Adobe, Symantec, etc.
In this tutorial you'll learn about bandwidth monitoring with flows and packet sniffing with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg). If you're interested in additional methods for monitoring bandwidt…
Monitoring a network: why having a policy is the best policy? Michael Kulchisky, MCSE, MCSA, MCP, VTSP, VSP, CCSP outlines the enormous benefits of having a policy-based approach when monitoring medium and large networks. Software utilized in this v…

850 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question