Solved

bypassing iprism web filter

Posted on 2010-11-22
Last Modified: 2012-05-10
OK, here's what I got: I have a St. Bernard iPrism model 20 with software version 6.402 that filters quite a few VLANs for internet traffic. I am putting in 8 Cisco Aironet 1252 access points. What I want to be able to do is bypass the web filter for anyone connected to the access points. This is basically going to be a public internet access hotspot. Any ideas?
Question by:jasonmichel
 
LVL 28

Accepted Solution

by:
jhyiesla earned 500 total points
ID: 34190762
If the AP is going to give out IP addresses, you could write a network exception for that segment with the PassAll profile. If the IPs are going to live on your main LAN I'm not sure it's possible, unless all wireless connections are going to live in a certain range of IPs and then again, the Network set up with a PassAll profile would probably work.

Another possibility would be to get a second Public IP and put a small layer 2 switch between the Internet access router and the iPrism. Then give the AP its own Public IP. This will in effect wall off all of the Wireless traffic from your local LAN. We've done that at my company and it works really well.
 
LVL 1

Author Comment

by:jasonmichel
ID: 34191930
I have a total of 8 APs. I know we don't have that many public, so maybe I need to look into the idea of creating a DHCP scope on the APs and just allowing those IPs to pass through the iPrism, or maybe get an additional IP to put on a cheap Linksys-type router and assign the APs' gateway as that in addition to creating the scope? What do you think?
 
LVL 28

Expert Comment

by:jhyiesla
ID: 34196274
Probably either would work. I would think the more "secure" solution would be to get a router and give it its own public IP and then have it assign IPs to the APs. This just separates the traffic really nicely and would help to secure your main LAN.  The other solution should work, but this just seems cleaner and more simple.
 
LVL 1

Author Comment

by:jasonmichel
ID: 34196686
How would I get around the current DHCP server, specify a helper in the Aironets?
 
LVL 28

Expert Comment

by:jhyiesla
ID: 34196766
A router/switch is probably going to have to be involved somewhere, although I am not knowledgeable about the specifics of the Aironets. So, if for some reason you want to put these APs on your network infrastructure you would probably have to create a separate VLAN on your switch. The other solution is more simple because a switch/router directly connected to the Internet eliminates the need for any routing through your network and eliminates the need for messing with the iPrism.
 
LVL 1

Author Comment

by:jasonmichel
ID: 34196814
That's what I mean. Even if I put another switch and router on the network, I can point the APs to that IP for the router, but I still need to have the clients that use the AP get DHCP from somewhere. The current DHCP server won't point to there, and we don't want everyone unfiltered.
 
LVL 28

Expert Comment

by:jhyiesla
ID: 34196860
If the APs can't send DHCP, and they most likely can't, then your switch/router would have to be able to do that. And that would be the case with either solution. I know that my home router will do that and that's how my devices, both wired and wireless, get their IP addresses. I would assume that your main LAN router/switch would probably do that, and if you'd choose to bypass that and use a separate router that ought to do it as well.
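
The network exception from the accepted answer only does what the thread asks for if the exempted range covers the wireless clients and nothing else ("we don't want everyone unfiltered"). The following is an added example, not part of the original thread, that checks a proposed exception against the address plan; the VLAN names and every address range are constructed for illustration, and nothing here talks to the iPrism itself.

```python
import ipaddress

# Constructed sample data: VLAN names and address ranges are illustrative only.
FILTERED_VLANS = {"staff": "10.10.0.0/16", "labs": "10.20.0.0/16"}
GUEST_SCOPE = ("10.99.8.10", "10.99.8.250")  # DHCP range handed to wireless clients


def audit_exception(exception_cidr, scope, filtered_vlans):
    """Check a proposed unfiltered network exception against the address plan.

    Returns (findings, tight): findings is a list of problems (empty when the
    exception is safe), tight is the smallest set of CIDR blocks that covers
    the guest DHCP scope, for comparison with what was actually configured.
    """
    exc = ipaddress.ip_network(exception_cidr)
    first, last = (ipaddress.ip_address(a) for a in scope)
    if first > last:
        raise ValueError("DHCP scope start is after its end")

    findings = []
    # A network is contiguous, so checking both ends covers the whole scope.
    if first not in exc or last not in exc:
        findings.append(f"guest scope {first}-{last} is not fully inside {exc}")
    # Any overlap means filtered users could fall under the unfiltered profile.
    for name, cidr in sorted(filtered_vlans.items()):
        net = ipaddress.ip_network(cidr)
        if exc.overlaps(net):
            findings.append(f"{exc} overlaps filtered VLAN {name} ({net})")

    tight = list(ipaddress.summarize_address_range(first, last))
    return findings, tight


if __name__ == "__main__":
    for candidate in ("10.99.8.0/24", "10.99.8.0/25", "10.0.0.0/8"):
        problems, _ = audit_exception(candidate, GUEST_SCOPE, FILTERED_VLANS)
        print(candidate, "->", problems or "OK")
```
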

Question has a verified solution.
