+ Post New Thread
Results 1 to 10 of 10
Internet Related/Filtering/Firewall Thread, BYOD & Proxy Settings. in Technical; Hi Guys, I've had a look through the forums but can't see anything. At the moment in our college we ...
  1. #1

    Join Date
    Apr 2014
    Location
    Somerset
    Posts
    16
    Thank Post
    0
    Thanked 2 Times in 1 Post
    Rep Power
    1

    BYOD & Proxy Settings.

    Hi Guys,

    I've had a look through the forums but can't see anything. At the moment in our college we have a large network of Xirrus Wifi points and allow students to connect their phones, tablets, etc up to them.

    The problem is, they have to manually input the proxy details for our filtering server to get out to the net. I've been trying to think of a way around this I could implement over summer, but WPAD doesn't seem to work well with mobile devices.

    Can anyone think of any ideas? Or is manual entry the best way?

    Cheers,

    Sam.

  2. #2

    Join Date
    Nov 2012
    Location
    Surrey
    Posts
    62
    Thank Post
    4
    Thanked 9 Times in 9 Posts
    Rep Power
    5
    Have you considered using a Automatic Proxy Configuration File?

  3. #3
    zag
    zag is offline
    zag's Avatar
    Join Date
    Mar 2007
    Posts
    3,762
    Thank Post
    897
    Thanked 416 Times in 350 Posts
    Blog Entries
    12
    Rep Power
    86
    We setup a transparent proxy for the BYOD users.

    Its pretty easy to do on a smoothwall box

  4. #4
    foofighterjim's Avatar
    Join Date
    Nov 2011
    Location
    Birmingham
    Posts
    393
    Thank Post
    30
    Thanked 70 Times in 52 Posts
    Rep Power
    27
    Quote Originally Posted by zag View Post
    We setup a transparent proxy for the BYOD users.

    Its pretty easy to do on a smoothwall box
    +1 From past experience transparent proxy is the only way to do this reliably across the multitude of devices that comes with BYOD.

  5. #5

    Join Date
    Apr 2014
    Location
    Somerset
    Posts
    16
    Thank Post
    0
    Thanked 2 Times in 1 Post
    Rep Power
    1
    We use WebMarshal and it's not at all handy for transparent proxy set-up. I agree though, that does look to be the answer. Cheers guys!

  6. #6

    Join Date
    Jun 2012
    Location
    Hampshire
    Posts
    22
    Thank Post
    1
    Thanked 4 Times in 3 Posts
    Rep Power
    5
    I've just found this thread and thought I'd add to to:

    We're in the same position as the OP (BYOD, Xirrus wireless). We've separated guest traffic to it's own SSID on a separate VLAN, and have configured SonicWall to act as a transparent proxy. Upstream, we have the local authority proxy, or we can also use their .pac file.

    However, while this setup works well for http traffic, it does not work for https. (So in the eyes of the users, does not work :-/ )

    Looking around for solutions, looks like we have 3 options:
    1. Get users to enter .pac file details manually (not keen for obvious reasons)
    2. Get a Smoothwall/Lightspeed box, and bring the filtering in-house (although having seen the prices, this is not a cheap option)
    3. Get on an "Onborder" - Guest GTP100 | onBoarder (this look more reasonable, although I'm not sure how it works/whether it's reliable for https traffic).

    I'll have a look at WebMarshall, but if anyone has any other idea's, I'm all ears.
    Last edited by Jimmer3568; 10th July 2014 at 08:54 AM.

  7. #7

    Join Date
    Apr 2014
    Location
    Somerset
    Posts
    16
    Thank Post
    0
    Thanked 2 Times in 1 Post
    Rep Power
    1
    Well, I only started here a month and a half ago and a week before I started we renewed our WebMarshal contract. I would avoid it like the plague in this instance. You can't set them up as transparent proxies, so the only way to use them is by manual input/PAC file and PAC files are unreliable for a lot of tablets and phones.

    It's definitely clear that you get what you pay for with filtering systems. I think WebMarshal is on the cheap side as it lacks a lot of functionality. When it comes to our next renewal, I'll be heavily pushing for another solution such as Smoothwall!

  8. #8

    Join Date
    Jun 2012
    Location
    Hampshire
    Posts
    22
    Thank Post
    1
    Thanked 4 Times in 3 Posts
    Rep Power
    5
    Cheers Sam, another one to be avoided then.

  9. #9
    themightymrp's Avatar
    Join Date
    Dec 2009
    Location
    Leeds, West Yorkshire
    Posts
    1,201
    Thank Post
    211
    Thanked 222 Times in 191 Posts
    Rep Power
    72
    We are wanting to implement a guest SSID over the Summer (for BYOD) and currently use Bloxx filtering. I've had a dabble with the instructions I was sent but haven't been able to set a transparent proxy on the guest VLAN Anybody got a simple how-to for Bloxx v7?

  10. #10
    grant_girdwood's Avatar
    Join Date
    Jun 2012
    Location
    Bloxx HQ
    Posts
    54
    Thank Post
    2
    Thanked 11 Times in 10 Posts
    Rep Power
    6
    Quote Originally Posted by themightymrp View Post
    We are wanting to implement a guest SSID over the Summer (for BYOD) and currently use Bloxx filtering. I've had a dabble with the instructions I was sent but haven't been able to set a transparent proxy on the guest VLAN Anybody got a simple how-to for Bloxx v7?
    Hi!

    There are a couple of different ways you can configure the appliance depending on where the appliance sits in your network, the good news is that by deploying the appliance in a transparent/intercepting method of deployment you will still be able to use the appliance as a proxy for your domain machines.

    Deployment options with a quick blurb below ;

    • Intercepting - In Line, this is where the appliance essentially acts as a bridge where you have your switch going in to your int/eth0 port and your firewall going in to ext/eth1, it will detect and filter HTTP/HTTPS traffic and push the rest on to your firewall.
    • Intercepting - Gateway, this is where your clients have Bloxx configured as their default gateway - the unit will detect and filter HTTP/HTTPS traffic and everything else will go to the default gateway that is configured for Bloxx.
    • Intercepting - WCCPv2, this is a Cisco protocol and will require Cisco equipment, you configure your Cisco Kit with WCCP that essentially pushes all port HTTP/HTTPS traffic to Bloxx for filtering. If you have multiple appliances WCCP has built-in load balancing and fault tolerance
    • Intercepting - Policy Based Routing, this is kind of similar to WCCPv2 where your layer 3 switch is configured to set the next hop for HTTP/HTTPS traffic to be Bloxx, the switch forwards the traffic to Bloxx where it will filter the requests.


    You may need to reconfigure your identification methods as NTLM/Kerberos is not supported in a transparent/intercepting method of deployment so it would really depend how the appliance is configured.

    If you need assistance changing the deployment let me know and I can have a support call raised and schedule in one of the engineers to give you a call to walk through/set up with you.

    Cheers,
    Grant

  11. Thanks to grant_girdwood from:

    themightymrp (14th July 2014)

SHARE:
+ Post New Thread

Similar Threads

  1. Proxy settings not there on second logon.
    By robinhood in forum Learning Network Manager
    Replies: 7
    Last Post: 6th October 2007, 11:14 AM
  2. Proxy Settings
    By Jonny_sims in forum Windows
    Replies: 19
    Last Post: 25th May 2007, 07:12 AM
  3. Zimbra Web Proxy Setting
    By Geoff in forum *nix
    Replies: 5
    Last Post: 25th April 2007, 12:02 PM
  4. Proxy Settings Not Applied
    By dezt in forum Wireless Networks
    Replies: 16
    Last Post: 3rd October 2006, 08:26 PM
  5. Problem with Proxy settings in GPO
    By tosca925 in forum Windows
    Replies: 9
    Last Post: 18th January 2006, 12:54 PM

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Tags for this Thread

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •