sunhux
asked on
A script or method to block Internet access when connected to non-corporate network till laptops VPN into corporate
We currently use Checkpoint VPN client on our Win7 & Win10 laptops
for about 300 laptops to connect back to office:
this client will auto pop up when it detects Internet, prompting for
2FA. Is there any way to prevent our users from accessing Internet
unless :
a) they're on our corporate network OR
b) if they are connected to outside (or their home Internet/Wifi),
they can't access Internet till they've connected to this Checkpoint
VPN (which connects to our Checkpoint blade).
Don't plan to use "Always-On VPN" yet as some of our laptops will
still be on Win 7 till end of 2020 (yes, it's beyond the MS EoSL date
but we're applying virtual patches in place of MS patches).
A batch script that detects which network is connected (if it's
Corporate network) that would alter the routing table etc will
be good.
No PowerShell script as we've removed PowerShell from users'
laptops
In order to connect to the VPN they have to be able to access the internet.
ASKER
Don't get the point. MS Always-On VPN doesn't allow users to access Internet directly and I just want our Checkpoint VPN to work like that.
ASKER
A batch script that is converted to a Windows service constantly running (this service is greyed-out, i.e. inaccessible to users) that checks for the Wi-Fi service name Windows is connected to before allowing the default gateway to be used would help.
ASKER
I'll close this thread if anyone can provide a batch script that extracts the connected
Wifi's SSID name, i.e.:
. . . many lines . . .
There is 1 interface on the system:
Name : Wi-Fi
Description : Intel(R) Dual Band Wireless-AC 8265
GUID : b41c83cb-745c-48b6-b45b-70e2e3d64f21
Physical address : ac:ed:5c:11:0f:cb
State : connected
SSID : MyWifi-5G <== I'll need this SSID name to compare if it's the Corporate's Wifi
& if it's not, then will remove default gwy till VPN is established
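One way to implement the check described in this thread, as an added example that is not part of any participant's post: it reads the SSID from `netsh wlan show interfaces`, and on a non-corporate network with no VPN it keeps a host route to the VPN gateway (the point raised in the reply above) before removing the default route. `CORP_SSID`, `VPN_IF` and `VPN_GW` are placeholders, and it assumes English `netsh` labels, a VPN adapter that shows as Connected only while the tunnel is up, and a VPN client that installs its own routes. An SSID can be broadcast by any access point, so it is a weak signal of being on the corporate network.

```batch
@echo off
setlocal EnableExtensions EnableDelayedExpansion
rem Added example, not from the thread. The three values below are placeholders.
set "CORP_SSID=CorpWifi-PLACEHOLDER"
set "VPN_IF=VPN-ADAPTER-NAME-PLACEHOLDER"
set "VPN_GW=203.0.113.10"

rem 1. Read the connected SSID. The pattern skips the "BSSID" line and
rem    "tokens=1,*" keeps SSIDs that contain a colon. The SSID is untrusted
rem    input (any nearby AP chooses it), so it is only ever expanded with
rem    !SSID!, never %SSID%, to keep quotes or ampersands from being parsed.
set "SSID="
for /f "tokens=1,* delims=:" %%A in ('netsh wlan show interfaces ^| findstr /r /c:"^ *SSID  *:"') do set "SSID=%%B"
if defined SSID set "SSID=!SSID:~1!"

rem 2. Corporate Wi-Fi: leave routing alone. SSIDs are case-sensitive, and
rem    any mismatch (or no Wi-Fi at all) falls through to the restricted path.
if "!SSID!"=="!CORP_SSID!" goto :unrestricted

rem 3. VPN adapter connected: the VPN client owns the routes now.
netsh interface show interface | findstr /c:" Connected " | findstr /i /c:"%VPN_IF%" >nul
if not errorlevel 1 goto :unrestricted

rem 4. Untrusted network, no VPN. For each IPv4 default gateway, pin a host
rem    route to the VPN gateway through it so the client can still log in,
rem    then delete the default route. Needs an elevated context.
for /f "tokens=1-3" %%A in ('route print -4 ^| findstr /r /c:"^ *0\.0\.0\.0  *0\.0\.0\.0 "') do (
    route add %VPN_GW% mask 255.255.255.255 %%C >nul 2>&1
    route delete 0.0.0.0 mask 0.0.0.0 %%C >nul 2>&1
)
echo Restricted: SSID "!SSID!" is not corporate and the VPN is down.
exit /b 1

:unrestricted
echo Unrestricted: corporate SSID or connected VPN adapter detected.
exit /b 0
```

A DHCP renewal or reconnect puts the default route back, so the script has to be re-run on a schedule or on network-change events from an account the user cannot control.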