We have a Sophos UTM 425 and have it setup to allow guest wifi and internal wifi access for ad devices like win laptops.
we want to add two more ssids, "Student" & "staff"..... and have the relevant filters applied to these ssids.... this is for ipads/chromebooks that can't authenticate via AD.
We haven't received any documentation for the device and having had a search in there knowledge base have found nothing.
We have a guest wifi (byod) setup which is separate from the network and has a different filter applied, and a standard SSID which gives the web filter polices out depending on which group the user is a member of in AD.
Below is a listed of SSIDs we already have, and want to create. The ssid names have been simplified.
"School WIFI" (already in use) Used for all AD compatible devices, the filter policy is given to the user via there AD membership. Staff/Student.
"Guest" (already in use) Used for BYOD separate from the network works fine.
"Student WIFI" we want to create this and force the "Student" filter to it......mainly for student chromebooks.
"Staff WIFI" we want to create this and force the "Staff" filter to it......mainly for Staff chromebooks.
Id create two new vlans, and have the new wireless networks drop onto those vlans, you can then apply a filter policy to those subnets (so filter by location).
We do this with our ipads for students and have them use proxy authentication (so whn they access the net a little popup asks them for their username and password with a session cookie), for the chrome books on the chrome management console we have them access two networks, as the chrome book requires transparent filtering to even log you in we have it connect to the same network (ssid) this initally is transparent and allows the chrome book to get to google authentication, when the user logs in we have a proxy specified on the chrome management console for users, this directs them to a dedicated proxy url for the chrome books which again promps them for the proxy authentication, you have to do it this way to allow the chrome book to login but then record who is using the chrome book.
For staff devices we have set infinate leases (server 2012dhcp) for the staff ipads and just have their network set to be on transparent authentication, this way if something did crop up we could trace the ipad by the ip address, quick nslookup would tell us whos ipad it is.
You could do the same with the staff network for the chrome books.
We have recently set this up and the configuration is working really well, used in lots of maths lessons and is stable, we get all users to login to the chrome books as a standard school user (generic) and the homepage is set to the vle, to get onto the internet is their username and password, when they log off all settings from that session are dropped, the vle also has google sso so they can access their gmail etc
There are currently 1 users browsing this thread. (0 members and 1 guests)