Solution Needed: I want laptop users once they go home and connect to WiFi, it should mandatorily direct traffic to my firewall

Hi,

What is the solution if I want all my laptop users, once they go home and connect to WiFi, to mandatorily direct traffic to my firewall, and we should monitor all websites that users access? Also, company policy should apply. (Question posted on behalf of a CISO member.)


Replies to This Discussion

The below reply is based on CISO Platform closed group discussion:

(private CISO member): Forcepoint client or Blue Coat unified solution

The below question is based on CISO Platform closed group discussion:

(private CISO member):

Is the Forcepoint DLP agent capable of doing offline web content filtering as well?

The below reply is based on CISO Platform closed group discussion:

(private CISO member): Use cloud-based proxy and web content filter solutions like Zscaler.

The below reply is based on CISO Platform closed group discussion:

(private CISO member): Use any cloud proxy solution that is compatible with your IT infra landscape.

Cloud proxy will give you the same proxy provision that you have on LAN while you are mobile. For this to work effectively, please restrict the IPs to your official IP segments so all official laptops will be forced to connect via cloud proxy only when on WiFi.

The below reply is based on CISO Platform closed group discussion:

(private CISO member): Use Wi-Fi group policy to divert traffic from VPN solution. Check Spiceworks.

Hi... if you have FortiGate, then EMS or endpoint management can ensure the laptop will carry the user traffic as per corporate policies. Secondly, you may use a cloud proxy like Zscaler.

I think SDP (software-defined perimeter) is a good option to explore in this case.

There are multiple solutions available, as follows:

1. If only browsing traffic, you can use the McAfee plugins in the browser and set the corporate policy as per your requirements.

2. You can use the Zscaler proxy solution; it will route all the traffic as per your requirements, and you can set a customized policy.

3. If you would like to route complete laptop traffic, you can use VPN solutions.

You can use Zscaler Internet Security under which you will be redirected to your firewall without no one is able to access the internet and they have to use VPN to use internet from your internet.

Feel free to ask if any clarification is needed.

You may use a solution like this:
1. End users should not have local administrator access
2. Configure a proxy server(s) in the end users' browsers
3. Have an enterprise LDAP/AD policy to disable the facility to change the proxy server address in the browser by end users
4. Provide roaming (laptop) users an SSL / client-based VPN
5. Ensure you have a proxy server installed in or closer to the DMZ or perimeter to handle the redundant internet traffic
6. Ensure that enterprise antivirus and Windows Update servers are seamlessly accessible over VPN

This solution works just fine.
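
One way to express step 2 of the reply above as a PAC (proxy auto-config) file that the locked-down browsers load, added here as an example that is not part of the original reply. The proxy address and internal DNS suffix are placeholder assumptions; public destinations get the proxy with no direct fallback.

```javascript
// Added example: a fail-closed PAC (proxy auto-config) file.
// PROXY and INTERNAL_SUFFIXES are placeholders, not values from the thread.
var PROXY = "PROXY proxy.corp.example:8080";
var INTERNAL_SUFFIXES = [".corp.example"];

// True for dotted-quad literals in loopback or RFC 1918 private space,
// so the home router or printer stays reachable without the proxy.
function isPrivateIPv4(host) {
  var m = /^(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})$/.exec(host);
  if (!m) return false;
  for (var i = 1; i <= 4; i++) {
    if (Number(m[i]) > 255) return false;
  }
  var a = Number(m[1]), b = Number(m[2]);
  return a === 10 || a === 127 ||
         (a === 172 && b >= 16 && b <= 31) ||
         (a === 192 && b === 168);
}

// True when host is the internal zone itself or a name beneath it.
// The leading dot in the suffix stops "evilcorp.example" from matching.
function isInternalName(host) {
  for (var i = 0; i < INTERNAL_SUFFIXES.length; i++) {
    var suffix = INTERNAL_SUFFIXES[i];
    var at = host.length - suffix.length;
    if (host === suffix.substring(1)) return true;
    if (at > 0 && host.indexOf(suffix, at) === at) return true;
  }
  return false;
}

// Entry point the browser calls for every request.
function FindProxyForURL(url, host) {
  host = host.toLowerCase().replace(/\.$/, "");
  // Single-label intranet names; IPv6 literals contain ":" and are excluded.
  if (host.indexOf(".") === -1 && host.indexOf(":") === -1) return "DIRECT";
  if (isPrivateIPv4(host) || isInternalName(host)) return "DIRECT";
  // Everything else goes to the proxy. There is deliberately no "; DIRECT"
  // fallback, so an unreachable proxy blocks browsing instead of bypassing it.
  return PROXY;
}
```

A PAC file only steers applications that honour it, so it depends on steps 1 and 3 (no local administrator rights, proxy settings locked by policy) to stay in place.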

There can be two options to achieve the same:

1. Use a hybrid proxy environment where users have agents installed on their laptops and the agent will ensure that traffic is routed to the office proxy available over the web to do the required filtering as per the web filtering policies configured in the office environment.

2. Use a cloud proxy, which will be uniform whether users are in the office or on the home LAN.

© 2019 Created by CISO Platform.