I think one of the best approaches to resolve your
problem is the one pointed by Jim Harrison, using a
.pac file, that way whatever ?browser? (ie, mozilla?)
your company uses, you can have automatic configured
the proxy when they are at your LAN and this will be
disabled when they are outside since this file wont be
reachable.
(You can have the file in a web server inside your
network and configure the browsers like this in the
?automatic proxy configuration url tab?)
https://intranet/proxy.pac
-------- Surfing the Internet trough outside networks,
why not? -------
My personal point of view is that is useless to force
your laptops to get trough your VPN just to surf the
web when they are at home or on the road. It?s much
solid to have good policies, a good antivirus and
firewall in every laptop (plus education to users) and
also considerer to assign a special PVLAN in the
office to this ?less trusted computers? and take
special care of this segment.
Other way is easily:
1) To figure out how to get on the net when they are
outside,
2) They might not surf the web (at first) but get
connected to untrusted networks and get infected /
exposed.
3) You are going to allow then to get to others
networks since you want them to get to your VPN, so
first they need to get on a network
4) Not always is possible to get to the VPN using
IPSec.
Regards
Leo
______________________________________________
Renovamos el Correo Yahoo!: ¡100 MB GRATIS!
Nuevos servicios, más seguridad
http://correo.yahoo.es
I think one of the best approaches to resolve your
problem is the one pointed by Jim Harrison, using a
.pac file, that way whatever ?browser? (ie, mozilla?)
your company uses, you can have automatic configured
the proxy when they are at your LAN and this will be
disabled when they are outside since this file wont be
reachable.
(You can have the file in a web server inside your
network and configure the browsers like this in the
?automatic proxy configuration url tab?)
https://intranet/proxy.pac
-------- Surfing the Internet trough outside networks,
why not? -------
My personal point of view is that is useless to force
your laptops to get trough your VPN just to surf the
web when they are at home or on the road. It?s much
solid to have good policies, a good antivirus and
firewall in every laptop (plus education to users) and
also considerer to assign a special PVLAN in the
office to this ?less trusted computers? and take
special care of this segment.
Other way is easily:
1) To figure out how to get on the net when they are
outside,
2) They might not surf the web (at first) but get
connected to untrusted networks and get infected /
exposed.
3) You are going to allow then to get to others
networks since you want them to get to your VPN, so
first they need to get on a network
4) Not always is possible to get to the VPN using
IPSec.
Regards
Leo
______________________________________________
Renovamos el Correo Yahoo!: ¡100 MB GRATIS!
Nuevos servicios, más seguridad
http://correo.yahoo.es
------------------------------------------------------------------------
---
------------------------------------------------------------------------
---
[ reply ]