Solved

How to force public wireless users to surf safe

Posted on 2010-11-17
10
1,688 Views
Last Modified: 2012-05-10
We have a wireless network for public users.

We also use the ScanSafe service for safe web access for our internal users.

On our internal users we have access to their desktops where we set the ScanSafe server IP address in the IE proxy settings.

My question:
How does one go about making the public wireless users surf through the ScanSafe service when we don’t have access to their laptops?

We are using a Cisco ASA5510 and AIR-CT5508 wireless controller but are willing to change things around to make public users surf  through ScanSafe.


0
Comment
Question by:dalva
10 Comments
 
LVL 3

Expert Comment

by:rdmustang
ID: 34156953
At a minimum, you will need a firewall to block outbound TCP 80 and TCP 443 except for the IP addresses needed to connect to the ScanSafe service.
0
 
LVL 1

Author Comment

by:dalva
ID: 34160485
We don't want to block anything at the firewall.  We want to redirect all Internet requests to pass through the ScanSafe servers.
0
 
LVL 7

Expert Comment

by:kellemann
ID: 34163512
As rdmustang correctly points out, you need to block at the firewall level, or guest users can just bypass ScanSafe manually.
To deliver the proxy settings to them, you need Web proxy Autodiscovery Protocol (WPAD). See http://en.wikipedia.org/wiki/Web_Proxy_Autodiscovery_Protocol for more info on how it works.
It involves a webserver, a DHCP server and DNS server to get working. You also need to configure a specific file, called a .pac file with the options that suit your needs.
0
 
LVL 9

Expert Comment

by:DanJ
ID: 34200217
One option is to use WCCP to redirect traffic on the ASA. I don't know if ScanSafe supports that.
Another option is to use PBR but that is supported only on the routers.
0
Zoho SalesIQ

Hassle-free live chat software re-imagined for business growth. 2 users, always free.

 
LVL 1

Author Comment

by:dalva
ID: 34200517
ScanSafe does not support WCCP.

If we had to, we could place a router between the ASA and the Internet.  PBR may be an option we can look into more.
0
 
LVL 1

Author Comment

by:dalva
ID: 34262068
I heard the SonicWall FW TZ 200 has the option Web Proxy Forwarding.  I have ordered one and will post back in a few weeks when it has been installed and tested.
0
 
LVL 1

Accepted Solution

by:
dalva earned 0 total points
ID: 34436912
Turns out the SonicWall product does have the Web Proxy Forwarding and IT WORKS to solve our problem.  We are using the SonicWall FW TZ 200 because it is the model which fits our size requirements.

We just placed the SonicWall between our current PIX firewall and the Internet.  We opened up the SonicWall so it does no firewalling just web proxy.

Thanks to all who made suggestions.
0
 
LVL 1

Author Comment

by:dalva
ID: 34436926
Author has posted a solution.
0
 
LVL 1

Author Closing Comment

by:dalva
ID: 34505936
The SonicWall product worked therefore question should be closed and no points awarded.
0

Featured Post

Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
cisco 2911 8 34
EIGRP Bandwidth 2 41
Cisco 2800 SNMP - false power supply alert? 3 45
Cisco Router / Switch - NAT 10 32
Imagine you have a shopping list of items you need to get at the grocery store. You have two options: A. Take one trip to the grocery store and get everything you need for the week, or B. Take multiple trips, buying an item at a time, to achieve t…
Quality of Service (QoS) options are nearly endless when it comes to networks today. This article is merely one example of how it can be handled in a hub-n-spoke design using a 3-tier configuration.
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…

932 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

10 Experts available now in Live!

Get 1:1 Help Now