asked on Is it possible to configure external users (laptops) to access the web only when VPN is connected
Hi
I have a group of users who regularly travel with their laptops and i want to be able to have more control on what they are browsing when away from the network.
At the moment when they are in the office they go out through our Watchguard which acts as a transparent proxy and has Websense setup to filter what they can see.
In addition to this when they are connected via SSL VPN externally the traffic is forced down the tunnel and again they use the transparent proxy.
The problem i have though is if they dont connect to the VPN when say in a hotel they can browse what they want.
Is there a way that i can stop browsing access unless they are connected through the VPN.
I know that we could specifiy a proxy in the internet settings but because the Watchguard is a transparent proxy i dont believe this would work.
Any advice would be great.
thanks
I have a group of users who regularly travel with their laptops and i want to be able to have more control on what they are browsing when away from the network.
At the moment when they are in the office they go out through our Watchguard which acts as a transparent proxy and has Websense setup to filter what they can see.
In addition to this when they are connected via SSL VPN externally the traffic is forced down the tunnel and again they use the transparent proxy.
The problem i have though is if they dont connect to the VPN when say in a hotel they can browse what they want.
Is there a way that i can stop browsing access unless they are connected through the VPN.
I know that we could specifiy a proxy in the internet settings but because the Watchguard is a transparent proxy i dont believe this would work.
Any advice would be great.
thanks
VPNWatchGuard
Last Comment
Shaun Vermaak
ASKER
Wouldnt want to use PPTP due to the insecurities.
We use the Watchguard Mobile VPN with SSL and a 2 factor authentication system.
I dont know how i can make sure thats always on though.
We use the Watchguard Mobile VPN with SSL and a 2 factor authentication system.
I dont know how i can make sure thats always on though.
You would have to ask Watchguard support. I don't think you can force it always on, but I am not certain.
Experts Exchange has (a) saved my job multiple times, (b) saved me hours, days, and even weeks of work, and often (c) makes me look like a superhero! This place is MAGIC!
Walt Forbes
For the most part (in systems I see), VPN is not required for Email access (Outlook has its own security). So if a business user is travelling, needs Email (common), does not need the company system at all times, it seems constraining to force users through a slow system to get internet.
ASKER
It may be constraining but unfortunately security needs outweigh the possible constraints.
Only maybe. Ransomware is spread via dodgy emails and constraining internet browsing does not resolve this.
Common sense and user training is vastly more important that chaining users to something.
Common sense and user training is vastly more important that chaining users to something.
Get an unlimited membership to EE for less than $4 a week.
Unlimited question asking, solutions, articles and more.
ASKER
Im afraid user training and common sense doesnt go far enough as users will be prone to ignoring any training and especially common sense.
In addition it isnt ransomware that is my main concern. We have policies on what users are allowed to browse in terms of file sharing and personal email etc.
In addition it isnt ransomware that is my main concern. We have policies on what users are allowed to browse in terms of file sharing and personal email etc.
I think there is an option to use the gateway of the VPNs endpoint so that you can control the traffic.....but if they connect without using the VPN they can always catch something....i think one way would be to protect the Laptops with something like Deep Freeze...so important documents are saved on the cloud and with every reboot the Laptop returns to the approved condition...
ASKER
When the VPN is connected i dont have an issue as the traffic is forced down the tunnel.
My issue is more of a Windows and watchguard setup in that i want the OS to only be able to browse the web when the VPN solution is connected.
My issue is more of a Windows and watchguard setup in that i want the OS to only be able to browse the web when the VPN solution is connected.
Your help has saved me hundreds of hours of internet surfing.
fblack61
How about adding a proxy server. Lock the Proxy settings in Internet Explorer down VIA GPO, so users cannot change it, and no one can access the Internet unless they are connected VIA VPN. This is just a suggestion.
ASKER
Hi Edward, that is defintley an option available to us but i was looking at seeing if we have any options using what we currently have before investing in a new system.
I wonder if you put in 127.0.0.1 as the proxy but leave the VPN settings alone under IE if that would work.
Get an unlimited membership to EE for less than $4 a week.
Unlimited question asking, solutions, articles and more.
A proxy server will certainly work. The consultant before me put one in at a client of mine. It did very effectively constrain internet use.
ASKER CERTIFIED SOLUTION
Log in or sign up to see answer
Become an EE member today7-DAY FREE TRIAL
Members can start a 7-Day Free trial then enjoy unlimited access to the platform
or
Learn why we charge membership fees
We get it - no one likes a content blocker. Take one extra minute and find out why we block content.
Not exactly the question you had in mind?
Sign up for an EE membership and get your own personalized solution. With an EE membership, you can ask unlimited troubleshooting, research, or opinion questions.
ask a question
Was this resolved? If so, what was the fix?
ASKER
DirectAccess setup seems to be the way to go but im not in a position to test this yet.
I started with Experts Exchange in 2004 and it's been a mainstay of my professional computing life since. It helped me launch a career as a programmer / Oracle data analyst
William Peck
Glad we could help.
@OP, experts and future visitors:
Please remember to endorse my, or any other expert's comments that you found helpful by clicking on the "Thumb's Up" button
Read more on endorsements
https://www.experts-exchange.com/discussions/218503/What-are-Endorsements.html
@OP, experts and future visitors:
Please remember to endorse my, or any other expert's comments that you found helpful by clicking on the "Thumb's Up" button
Read more on endorsements
https://www.experts-exchange.com/discussions/218503/What-are-Endorsements.html
I have lots of business users travelling with company laptops equipped with split tunnel IPsec VPN. I do not have issues with them using Internet outside of the company system.