Our organization uses a Cisco cloud-based firewall/ScanSafe for internet access/content filter.
We moved away from the previous method of an ISA Firewall using pac files.
In the old system we had AD security groups to grant access to the ISA. With the current Cisco solution the internet is wide open and we trust ScanSafe as a secure content filter.
The issue I am now running into is that I now have employees that should not have internet access at all (and didn't under the old system) that now have discovered that they do in fact have internet access.
I am trying to find a solution to this from a client side (hopefully to be implemented as GPO).
We only use Internet Explorer as our browser. As long as I have the "Automatically detect settings" selected nothing else I do will matter, and they get full internet access.
I have tried setting up a proxy server and setting it to 127.0.0.1, but while I successfully deny internet access, it will also deny intranet access, which I cannot do because all of their time card/HR/company news is web based.
So the question is:
Does anybody know of any client side settings that will deny internet access but still allow local intranet access?
If the client side is set to "Automatically detect settings", most probably a PAC file is being used.
If you have user granularity implemented for your ScanSafe solution, then you can configure a rule under the ScanSafe portal to block internet access for certain groups/users. This is a setting to be configured under the ScanSafe solution.
Alternatively, if those users have specific IP addresses and/or are connected to a specific subnet, then you can configure that filtering on your router/firewall.
Another solution would be to remove the default gateway on the client's PC, and just have a static route configured to access internal resources/intranet. This will ensure that they don't have access to the internet since there is no default gateway.
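An added example, not part of the original thread: a PAC script that keeps intranet requests direct and sends everything else to a dead local proxy, which is the client-side split the question asks for. The DNS suffix `.corp.example`, the private address ranges and the blackhole `127.0.0.1:9` are assumptions to replace with your own values.

```javascript
// Added example PAC file (not from the thread). Assumed values are marked.
// ES3-style JavaScript without the browser's PAC helper functions, so the
// same file can be checked outside the browser.
var INTRANET_SUFFIXES = [".corp.example"];   // assumption: internal DNS suffix
var BLACKHOLE = "PROXY 127.0.0.1:9";         // assumption: nothing listens here

// Parse a dotted-quad IPv4 literal into four octets, or return null.
function parseIPv4(host) {
  var parts = host.split(".");
  if (parts.length !== 4) { return null; }
  var out = [];
  for (var i = 0; i < 4; i++) {
    if (!/^\d{1,3}$/.test(parts[i])) { return null; }
    var n = parseInt(parts[i], 10);
    if (n > 255) { return null; }
    out.push(n);
  }
  return out;
}

// True for RFC 1918 and loopback addresses.
function isPrivateIPv4(o) {
  return o[0] === 10 || o[0] === 127 ||
         (o[0] === 172 && o[1] >= 16 && o[1] <= 31) ||
         (o[0] === 192 && o[1] === 168);
}

function isIntranetHost(host) {
  host = host.toLowerCase();
  var ip = parseIPv4(host);
  if (ip) { return isPrivateIPv4(ip); }
  // Single-label names such as "timecard" must start with a letter, so
  // numeric-only hosts and IPv6 literals fall through to the blackhole.
  if (/^[a-z][a-z0-9-]*$/.test(host)) { return true; }
  for (var i = 0; i < INTRANET_SUFFIXES.length; i++) {
    var s = INTRANET_SUFFIXES[i];
    // Match only at the end of the name: "corp.example.evil.test" fails.
    if (host.length > s.length &&
        host.substring(host.length - s.length) === s) { return true; }
  }
  return false;
}

// Entry point the browser calls for every request.
function FindProxyForURL(url, host) {
  return isIntranetHost(host) ? "DIRECT" : BLACKHOLE;
}
```

The script only takes effect when the browser is pointed at it as its automatic configuration script and "Automatically detect settings" is cleared, since auto-detect otherwise wins as described in the question. It restricts the browser only, so the portal rule or routing change above is still what enforces the block at the network.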