Link to home
Start Free TrialLog in
Avatar of ICGIT
ICGITFlag for undefined

asked on

Tablet and Phone Issues with Isa 2006

There are several wireless routers installed in our network, to give users the possibility to access the internet with their laptops. With the recent popularity of tablets, and the fact that we use ISA firewall client to restrict unauthorized users from accessing the internet, we are faced with the fact that he tablets and also phones, cannot gain access to the internet.

I am aware of the rule creating, based on IP address or MAC address, but in our organization people comeand go on a daily bases and a registering mac addresses will not solve the issue.

Thanks in Advance

jt
Avatar of Rob Knight
Rob Knight
Flag of United Kingdom of Great Britain and Northern Ireland image

Hi,

Could you use DHCP and Proxy auto-configuration scripts to assign Proxy settings to the tablets and smartphones?

Regards,


RobMobility.
You can use softwares like ProxyDroid to setup proxy for navigating through the proxy using tablet and phones, if the O.S. doesn't provide a way to set proxy settings (like Android does).

Elseway you should configure a transparent proxy for your network. This involves forwarding all :80 requests to the :8080 port of your proxy.

HTH. Bye!
Avatar of ICGIT

ASKER

Sorry for the ignorance, but I do not understand the issuance of scripts to the tablets or smartphones. How do you distinguish between a pc tablet or smart phone once issued a lease by DHCP ?

Also the :80 requests are not clear.
Short of some kind of Proxy App the phones will only operate as SecureNAT Clients (meaning anonymous) unless the built in browser has a place to enter "proxy settings" and a place to enter "proxy credentials".  Without a place to enter the credentials it will just get denied by the proxy.

The "Pads",...I only poked at an iPAD once and it had a place to put in both "proxy settings" and "proxy credentials" however the stupid thing would still have problems authenticating.  For every web page that you opened you would still get a prompt for credentials in-spite of entering the credentials in the settings,...yet you could just "cancel" the prompt and it would go ahead and work,...usually for every web page it would prompt three times and you could just hit "cancel" three times and it would work.  So the credentials entered into the settings worked,...it just wasn't neat and clean.

Protocols beyond HTTP and HTTPS
For any other protocols beyond HTTP and HTTPS your only option is for it to operate as a SecureNAT Client,...there is no way you are going to install any Winsock Client on it that will operate with the ISA/TMG Firewall Server (aka Winsock Proxy Service) and be able to handle the authentication.

These Phones and Pads (particularly the Pads) are just "Laptop Wanabee" Toys,...they cost as must as a cheaper laptop but they won't even do half as much as a Laptop.   The keyboard "add-ons" might make them "look" like a laptop,...but it doesn't change what they are.   They are just crap,...over-market,...under-deliver,...get the people to buy them,...run to the bank with the money.
Could you use DHCP and Proxy auto-configuration scripts to assign Proxy settings to the tablets and smartphones?
Regards,
RobMobility.


That won't get it to authenticate.  If they follow the WPAD standard they will correctly "find" the proxy,...but they will not authenticate properly,..or at least automatically.
Avatar of ICGIT

ASKER

I agree fully, however we serve government officials that are ignorant to the fact that the latest gadgets are not always the most adequate.
ASKER CERTIFIED SOLUTION
Avatar of pwindell
pwindell
Flag of United States of America image

Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
It isn't that much different then Linux running on PCs.  It was the same old story as that until Likewise-Open and some other similar products came out that gave Linux the ability to join a Domain and do a Single signon without having to create a local user account to mirror the domain account.
Avatar of ICGIT

ASKER

Hahaha I get yourpoint. Eventhough I did not get a solution, I got the answer I was looking for. Unfortunately I can't use your comments as support material, but at least I know I am not the only one who is of this opinion.
I just found this earlier this morning...while digging for Linux related stuff..

Check with a company called Centrify
http://www.centrify.com/

Watch the video on the page called "Introducing DirectControl for Mobile".  It seemed interesting.  Even if none if it solves your current problem,...it may help with problems I am quite sure you will eventually have if the Executives and Governemt Officials keep hitting us with the BYOD stuff.
Avatar of ICGIT

ASKER

Thanks for the info. Good luck !!