
bypassing iprism web filter

Posted on 2010-11-22
Last Modified: 2012-05-10
OK, here's what I've got. I have a St. Bernard iPrism model 20 with software version 6.402 that filters quite a few VLANs for internet traffic. I am putting in 8 Cisco Aironet 1252 access points. What I want to be able to do is bypass the web filter for anyone connected to the access points. This is basically going to be a public internet access hotspot. Any ideas?
Question by:jasonmichel
7 Comments
 
LVL 28

Accepted Solution

by:
jhyiesla earned 2000 total points
ID: 34190762
If the AP is going to give out IP addresses, you could write a network exception for that segment with the PassAll profile. If the IPs are going to live on your main LAN I'm not sure it's possible, unless all wireless connections are going to live in a certain range of IPs, and then again, the Network set up with a PassAll profile would probably work.

Another possibility would be to get a second public IP and put a small layer 2 switch between the Internet access router and the iPrism. Then give the AP its own public IP. This will in effect wall off all of the wireless traffic from your local LAN. We've done that at my company and it works really well.
 
LVL 1

Author Comment

by:jasonmichel
ID: 34191930
I have a total of 8 APs. I know we don't have that many public, so maybe I need to look into the idea of creating a DHCP scope on the APs and just allowing those IPs to pass through the iPrism, or maybe get an additional IP to put on a cheap Linksys-type router and assign the APs' gateway as that in addition to creating the scope? What do you think?
 
LVL 28

Expert Comment

by:jhyiesla
ID: 34196274
Probably either would work. I would think the more "secure" solution would be to get a router and give it its own public IP and then have it assign IPs to the APs. This just separates the traffic really nicely and would help to secure your main LAN.  The other solution should work, but this just seems cleaner and more simple.
 
LVL 1

Author Comment

by:jasonmichel
ID: 34196686
How would I get around the current DHCP server? Specify a helper in the Aironets?
 
LVL 28

Expert Comment

by:jhyiesla
ID: 34196766
A router/switch is probably going to have to be involved somewhere, although I am not knowledgeable about the specifics of the Aironets. So, if for some reason you want to put these APs on your network infrastructure you would probably have to create a separate VLAN on your switch. The other solution is more simple because a switch/router directly connected to the Internet eliminates the need for any routing through your network and eliminates the need for messing with the iPrism.
 
LVL 1

Author Comment

by:jasonmichel
ID: 34196814
That's what I mean: even if I put another switch and router on the network, I can point the APs to that IP for the router, but I still need to have the clients that use the AP get DHCP from somewhere. The current DHCP server won't point to there, and we don't want everyone unfiltered.
 
LVL 28

Expert Comment

by:jhyiesla
ID: 34196860
If the APs can't send DHCP, and they most likely can't, then your switch/router would have to be able to do that. And that would be the case with either solution. I know that my home router will do that and that's how my devices, both wired and wireless, get their IP addresses. I would assume that your main LAN router/switch would probably do that, and if you'd choose to bypass that and use a separate router that ought to do it as well.
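
Added example (not part of the thread and not written by either poster): a pre-change check for the first option discussed above, a filter exception for the hotspot segment. It verifies that the exception range does not overlap any VLAN that must stay filtered and that the hotspot DHCP scope sits entirely inside the exception. All subnets and VLAN names are constructed sample values; only the profile name "PassAll" comes from the thread.

```python
import ipaddress

# Constructed sample address plan (assumption, not from the thread).
FILTERED_VLANS = {
    "staff": ipaddress.ip_network("10.10.0.0/22"),
    "labs": ipaddress.ip_network("10.10.8.0/24"),
}
# Range that would be given the PassAll profile on the filter.
GUEST_EXCEPTION = ipaddress.ip_network("10.10.20.0/24")
# First and last address of the DHCP scope handed to hotspot clients.
GUEST_DHCP_POOL = (ipaddress.ip_address("10.10.20.50"),
                   ipaddress.ip_address("10.10.20.250"))


def check_plan(filtered, exception, pool):
    """Return a list of problems; an empty list means the plan is consistent."""
    problems = []
    for name, net in filtered.items():
        # An overlap would leave part of a filtered VLAN unfiltered.
        if net.overlaps(exception):
            problems.append(f"exception {exception} overlaps filtered VLAN {name} ({net})")
    first, last = pool
    if first > last:
        problems.append("DHCP pool start is after its end")
    for addr in (first, last):
        # Hotspot clients leased outside the exception would not match it.
        if addr not in exception:
            problems.append(f"DHCP pool address {addr} is outside exception {exception}")
    return problems


def profile_for(client_ip, filtered, exception):
    """Policy a client address would receive under this plan."""
    ip = ipaddress.ip_address(client_ip)
    if ip in exception:
        return "PassAll"
    for name, net in filtered.items():
        if ip in net:
            return f"filtered:{name}"
    return "unassigned"


if __name__ == "__main__":
    issues = check_plan(FILTERED_VLANS, GUEST_EXCEPTION, GUEST_DHCP_POOL)
    print("\n".join(issues) if issues else "plan OK")
```
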