Tablet and Phone Issues with Isa 2006

ICGIT
ICGIT used Ask the Experts™
on
There are several wireless routers installed in our network, to give users the possibility to access the internet with their laptops. With the recent popularity of tablets, and the fact that we use ISA firewall client to restrict unauthorized users from accessing the internet, we are faced with the fact that he tablets and also phones, cannot gain access to the internet.

I am aware of the rule creating, based on IP address or MAC address, but in our organization people comeand go on a daily bases and a registering mac addresses will not solve the issue.

Thanks in Advance

jt
Comment
Watch Question

Do more with

Expert Office
EXPERT OFFICE® is a registered trademark of EXPERTS EXCHANGE®

Commented:
Hi,

Could you use DHCP and Proxy auto-configuration scripts to assign Proxy settings to the tablets and smartphones?

Regards,


RobMobility.

Commented:
You can use softwares like ProxyDroid to setup proxy for navigating through the proxy using tablet and phones, if the O.S. doesn't provide a way to set proxy settings (like Android does).

Elseway you should configure a transparent proxy for your network. This involves forwarding all :80 requests to the :8080 port of your proxy.

HTH. Bye!

Author

Commented:
Sorry for the ignorance, but I do not understand the issuance of scripts to the tablets or smartphones. How do you distinguish between a pc tablet or smart phone once issued a lease by DHCP ?

Also the :80 requests are not clear.
Success in ‘20 With a Profitable Pricing Strategy

Do you wonder if your IT business is truly profitable or if you should raise your prices? Learn how to calculate your overhead burden using our free interactive tool and use it to determine the right price for your IT services. Start calculating Now!

Most Valuable Expert 2011

Commented:
Short of some kind of Proxy App the phones will only operate as SecureNAT Clients (meaning anonymous) unless the built in browser has a place to enter "proxy settings" and a place to enter "proxy credentials".  Without a place to enter the credentials it will just get denied by the proxy.

The "Pads",...I only poked at an iPAD once and it had a place to put in both "proxy settings" and "proxy credentials" however the stupid thing would still have problems authenticating.  For every web page that you opened you would still get a prompt for credentials in-spite of entering the credentials in the settings,...yet you could just "cancel" the prompt and it would go ahead and work,...usually for every web page it would prompt three times and you could just hit "cancel" three times and it would work.  So the credentials entered into the settings worked,...it just wasn't neat and clean.

Protocols beyond HTTP and HTTPS
For any other protocols beyond HTTP and HTTPS your only option is for it to operate as a SecureNAT Client,...there is no way you are going to install any Winsock Client on it that will operate with the ISA/TMG Firewall Server (aka Winsock Proxy Service) and be able to handle the authentication.

These Phones and Pads (particularly the Pads) are just "Laptop Wanabee" Toys,...they cost as must as a cheaper laptop but they won't even do half as much as a Laptop.   The keyboard "add-ons" might make them "look" like a laptop,...but it doesn't change what they are.   They are just crap,...over-market,...under-deliver,...get the people to buy them,...run to the bank with the money.
Most Valuable Expert 2011

Commented:
Could you use DHCP and Proxy auto-configuration scripts to assign Proxy settings to the tablets and smartphones?
Regards,
RobMobility.


That won't get it to authenticate.  If they follow the WPAD standard they will correctly "find" the proxy,...but they will not authenticate properly,..or at least automatically.

Author

Commented:
I agree fully, however we serve government officials that are ignorant to the fact that the latest gadgets are not always the most adequate.
Most Valuable Expert 2011
Commented:
And I have executives that are the same way and can fire me just as fast as a government official,...but,...you just can't buck reality,...reality is what reality is,...and if the piece of junk won't work,...it isn't going to work,...nothing is going to change that.

they flat out were not designed to work in a Corporate environment,....in spite of the fact that they market them fairly heavy to exactly that type of people,....over market,...under deliver.
Most Valuable Expert 2011

Commented:
It isn't that much different then Linux running on PCs.  It was the same old story as that until Likewise-Open and some other similar products came out that gave Linux the ability to join a Domain and do a Single signon without having to create a local user account to mirror the domain account.

Author

Commented:
Hahaha I get yourpoint. Eventhough I did not get a solution, I got the answer I was looking for. Unfortunately I can't use your comments as support material, but at least I know I am not the only one who is of this opinion.
Most Valuable Expert 2011

Commented:
I just found this earlier this morning...while digging for Linux related stuff..

Check with a company called Centrify
http://www.centrify.com/

Watch the video on the page called "Introducing DirectControl for Mobile".  It seemed interesting.  Even if none if it solves your current problem,...it may help with problems I am quite sure you will eventually have if the Executives and Governemt Officials keep hitting us with the BYOD stuff.

Author

Commented:
Thanks for the info. Good luck !!

Do more with

Expert Office
Submit tech questions to Ask the Experts™ at any time to receive solutions, advice, and new ideas from leading industry professionals.

Start 7-Day Free Trial