?
Solved

Safe Surfing from Regional Office?

Posted on 2014-04-24
3
Medium Priority
?
381 Views
Last Modified: 2014-04-24
We have a WAN link from headquarters to a regional office.  

All internet surfing normally travels over the WAN to HQ, goes through our proxy ISA/GFI server where traffic is scanned. Downloading certain file types is blocked and we feel much safer having everyone surf through that proxy.

The regional office also has a cable modem so visitors can surf the internet via wifi.  
Our security policy prohibits connecting any of our traveling laptops to the LAN.

In the unlikely event that our WAN is down, we'd like to leverage the cable modem at the regional office to allow our LAN users to use OWA over the internet.

Though we briefly entertained buying some USB wireless adapters so the desktops could reach the internet via wifi if the WAN was down.  Our concern is that they would be less secure because the traffic would not be scanned by our proxy ISA / GFI server.  If someone got infected, they could infect other folks on the LAN.

QUESTION
--------------
What's the best option to provide emergency access to the internet without reducing our security?

One option, if it's possible might be to plug the cable modem into the WAN port of a cheap router, then configure the router to only allow access to our OWA site.  Then connect that somehow to our LAN.  Of course we'd need to have each client go into internet options and remove the reference to our proxy server.  When the emergency is over, we'd need to disconnect the temporary cable modem/router and have our clients enter the proxy server so they can surf the regular way.

Are there other options?  Are there any dedicated devices which block internet threats beyond what a traditional file-scanning anti-virus app might do?

Any thoughts would be very much appreciated,
Thanks,
Mike
0
Comment
Question by:mike2401
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
3 Comments
 
LVL 9

Accepted Solution

by:
Beartlaoi earned 2000 total points
ID: 40020309
Install a VPN and configure it to route all internet traffic through it rather than only providing access to the LAN.  This will also give your roaming associates the ability to stay in touch whereever they are.
0
 

Author Comment

by:mike2401
ID: 40020354
PERFECT!

If we get a VPN contraption to connect the regional office to HQ using the cable modem in the regional office, that would be a perfect solution for when the WAN is down.

In fact, that way, we don't need to fuss with changing client side proxy settings, and they would also have access to their files which are on the file server here in HQ.

A VPN over the public internet is a perfect solution, thank you!!!

Mike
0
 

Author Closing Comment

by:mike2401
ID: 40020357
AWESOME!  Thanks!
0

Featured Post

Four New Appliances. Same Industry-leading Speeds.

But don't take it from us.  The Firebox M370 is Miercom tested and Miercom approved, outperforming its competitors for stateless and stateful traffic throughput scenarios.  Learn more about the M370, M470, M570 and M670 and find the right solution for your organization today!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Getting to know the threat landscape in which DDoS has evolved, and making the right choice to get ourselves geared up to defend against  DDoS attacks effectively. Get the necessary preparation works done and focus on Doing the First Things Right.
I recently attended Cisco Live! in Las Vegas, a conference that boasted over 28,000 techies in attendance, and a week of hands-on learning hosted by a solid partner with which Concerto goes to market.  Every year, Cisco displays cutting-edge technol…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
If you're a developer or IT admin, you’re probably tasked with managing multiple websites, servers, applications, and levels of security on a daily basis. While this can be extremely time consuming, it can also be frustrating when systems aren't wor…

752 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question