Personal Firewall and WLAN Hotspots

Hi,
the well known problem for companys who use a central managed
restrictive personal firewall and their users who want to access WLAN
hostspots: this doesn't fit togehter.
We face this problem too and are interested how others "solve" this
problem. We do not allow our users to access the internet directly but
only after establishing a VPN connection to our HQs. This is done by
allowing them access to the official IP-addresses of our VPN devices.

But when talking about WLAN hotspots or internet access in hotels, the
users are either directed to a portal for authentication or billing ->
Our users won't even reach these gateways because of the restricitons
mentioned above.

So does anyone know about these problems and found a solution?

Thanks,
mastermauser

[POSTED TO alt.internet.wireless - REPLY ON USENET PLEASE]

In <(E-Mail Removed) .com> on 6 Jun 2006
05:13:28 -0700, "mastermauser" <(E-Mail Removed)> wrote:

>the well known problem for companys who use a central managed
>restrictive personal firewall and their users who want to access WLAN
>hostspots: this doesn't fit togehter.
>We face this problem too and are interested how others "solve" this
>problem. We do not allow our users to access the internet directly but
>only after establishing a VPN connection to our HQs. This is done by
>allowing them access to the official IP-addresses of our VPN devices.
>
>But when talking about WLAN hotspots or internet access in hotels, the
>users are either directed to a portal for authentication or billing ->
>Our users won't even reach these gateways because of the restricitons
>mentioned above.
>
>So does anyone know about these problems and found a solution?

Mobile IP. See "Roam seamlessly (using VPN)" in the Wi-Fi How To below.
Re your particular problem, see <http://www.birdstep.com/info/solutions.htm>.
See also <http://www.f5.com/solutions/technology/securingaccess_wp.html>.

--
Best regards, FAQ for Wireless Internet: <http://Wireless.wikia.com>
John Navas FAQ for Wi-Fi: <http://wireless.wikia.com/wiki/Wi-Fi>
Wi-Fi How To: <http://wireless.wikia.com/wiki/Wi-Fi_How_To>
Fixes to Wi-Fi Problems: <http://wireless.wikia.com/wiki/Wi-Fi_Fixes>

In article <%dhhg.757$(E-Mail Removed)>,
(E-Mail Removed) says...
> [POSTED TO alt.internet.wireless - REPLY ON USENET PLEASE]

> Mobile IP. See "Roam seamlessly (using VPN)" in the Wi-Fi How To below.
> Re your particular problem, see <http://www.birdstep.com/info/solutions.htm>.
> See also <http://www.f5.com/solutions/technology/securingaccess_wp.html>.

You think this might be a problem?

"An automated mechanism for uploading of Radius roaming credentials and
scripting update for new hotspots is required to support changes in
Hotspot roaming agreements from the operator."

Back to the original question, assuming now that the hotspots could be a
hotel with no roaming agreement...

On Wed, 07 Jun 2006 19:24:40 GMT, David Taylor <(E-Mail Removed)>
wrote in <(E-Mail Removed) m>:

>In article <%dhhg.757$(E-Mail Removed)>,
>(E-Mail Removed) says...
>> [POSTED TO alt.internet.wireless - REPLY ON USENET PLEASE]
>
>> Mobile IP. See "Roam seamlessly (using VPN)" in the Wi-Fi How To below.
>> Re your particular problem, see <http://www.birdstep.com/info/solutions.htm>.
>> See also <http://www.f5.com/solutions/technology/securingaccess_wp.html>.
>
>You think this might be a problem?
>
>"An automated mechanism for uploading of Radius roaming credentials and
>scripting update for new hotspots is required to support changes in
>Hotspot roaming agreements from the operator."
>
>Back to the original question, assuming now that the hotspots could be a
>hotel with no roaming agreement...

Do a bit more reading, instead of just leaping to conclusions; e.g.,

Our client connectivity software solutions make nomadic lifestyles a
reality, providing ease-of-connectivity and seamless-mobility to
enable users to retrieve information from any device in any location,
over any network infrastructure.

--
Best regards, FAQ for Wireless Internet: <http://Wireless.wikia.com>
John Navas FAQ for Wi-Fi: <http://wireless.wikia.com/wiki/Wi-Fi>
Wi-Fi How To: <http://wireless.wikia.com/wiki/Wi-Fi_How_To>
Fixes to Wi-Fi Problems: <http://wireless.wikia.com/wiki/Wi-Fi_Fixes>

> Do a bit more reading, instead of just leaping to conclusions; e.g.,
>
> Our client connectivity software solutions make nomadic lifestyles a
> reality, providing ease-of-connectivity and seamless-mobility to
> enable users to retrieve information from any device in any location,
> over any network infrastructure.

And how are they going to do that if the first thing that a hotspot user
might need to do is authenticate via a captive portal?...

Procedure would be to first connect to an unsecured hotspot - Oops,
there's the problem!

Tunneling once the hotpsot is passing traffic is NOT the issue here, re-
read the OP's question.

David.

On Fri, 09 Jun 2006 07:19:31 GMT, David Taylor <(E-Mail Removed)>
wrote in <(E-Mail Removed) m>:

>> Do a bit more reading, instead of just leaping to conclusions; e.g.,
>>
>> Our client connectivity software solutions make nomadic lifestyles a
>> reality, providing ease-of-connectivity and seamless-mobility to
>> enable users to retrieve information from any device in any location,
>> over any network infrastructure.
>
>And how are they going to do that if the first thing that a hotspot user
>might need to do is authenticate via a captive portal?...
>
>Procedure would be to first connect to an unsecured hotspot - Oops,
>there's the problem!
>
>Tunneling once the hotpsot is passing traffic is NOT the issue here, re-
>read the OP's question.

Why not learn more about Birdstep actually works, rather than just
making assumptions?

--
Best regards, FAQ for Wireless Internet: <http://Wireless.wikia.com>
John Navas FAQ for Wi-Fi: <http://wireless.wikia.com/wiki/Wi-Fi>
Wi-Fi How To: <http://wireless.wikia.com/wiki/Wi-Fi_How_To>
Fixes to Wi-Fi Problems: <http://wireless.wikia.com/wiki/Wi-Fi_Fixes>