I'm looking for a good way to handle proxy settings when a user moves between locations. Assume the following:
User: Joe
Site 1: UTM 220 with Web Protection
Joe's primary office
Site 2: UTM 120 with Web Protection
Joe visits this site occasionally and may bring his own laptop or use an on-site device.
The problem is I don't want Joe to have to change his proxy settings manually each time he logs in at site 2, and I don't want all his web traffic to have to jump across the vpn, otherwise it defeats the purpose of having web protection on the firewall at site 2. I'd need to have a dynamic way of setting his proxy appropriately depending on his location.
Here are a few suggestions I've come across and not exactly ideal.
User: Joe
Site 1: UTM 220 with Web Protection
Joe's primary office
Site 2: UTM 120 with Web Protection
Joe visits this site occasionally and may bring his own laptop or use an on-site device.
- Site 1 and 2 are connected with site to site VPN.
- Machines at Site 1 and Site 2 are on the same domain.
- Joe's proxy settings are controlled via GPO and currently points to the site 1 firewall as the proxy.
- Most users have a static location, and there is a GPO for users at site 1 and a gpo for users at site 2 setting their proxy respectively.
The problem is I don't want Joe to have to change his proxy settings manually each time he logs in at site 2, and I don't want all his web traffic to have to jump across the vpn, otherwise it defeats the purpose of having web protection on the firewall at site 2. I'd need to have a dynamic way of setting his proxy appropriately depending on his location.
Here are a few suggestions I've come across and not exactly ideal.
- Multiple domain accounts - I do not want users to have to keep track of multiple domain accounts
- Control proxy via DHCP scope - Works unless the machine has a static IP. I.E. Joe is an IT staff member and is logging onto a server.