Technology Decision Makers

last person joined: 17 days ago 

A group for those in nonprofit IT decision-making roles to connect with peers and share best practices. This Technology Decision Makers group is for nonprofit IT or MIS Directors/Managers as well as CIOs and CTOs to connect with their peers and share best practices. Topics for discussion include, but are not limited to: hardware and software management, product reviews, emerging technology, best practices, collaborating effectively with other departments, and management conundrums. Membership is restricted to IT staff at nonprofit organizations.

Web filtering on laptops

  • 1.  Web filtering on laptops

    Posted Feb 04, 2020 17:37

    We use the Fortinet FortiClient VPN client for VPN, anti-virus, and web filtering. By default, the FortiClient web filtering blocks access to unknown websites. Unfortunately, many hotels with captive portals count as unknown websites and our users are unable to access the portal and therefore the internet.

    The only option we have within the FortiClient is to change the blocking of unknown websites to "warning" users that they are about to access an unknown site, and hoping/trusting that they will be careful. I'm concerned this will be a disaster.

    Does anyone have a thought about another way to solve this issue?

    Thank you!



    ------------------------------
    Richard Wollenberger
    Director, Information Technology & HIPAA Compliance and Security Officer
    St. Louis MO
    ------------------------------
    picture of work desk from home with notebook, glasses, coffee, keyboard


  • 2.  RE: Web filtering on laptops

    Posted Feb 05, 2020 23:55

    Following this.  I don't have any answers, and am also looking for good solutions, especially ones that will work for Chromebooks in an out-of-school-time environment.

     

    Tom Anderson

    CEO, IT4Causes

    804.241.2555

    IT4Causes-logo-color180

     




    picture of work desk from home with notebook, glasses, coffee, keyboard


  • 3.  RE: Web filtering on laptops

    Posted Feb 06, 2020 08:58
    Richard,

    I don't have any great options for you without leaving Forticlient. If you are willing to consider something else at the endpoint level you could try something like Cisco Umbrella (https://support.umbrella.com/hc/en-us/articles/230901108-Umbrella-Roaming-Client-Captive-Portal-Interaction).

    One of my engineers had this to say:



    A long-term solution might be to move a Zero Trust model that doesn't require a VPN. With the near ubiquitousness of HTTPS on all websites, the risks of public wifi are increasingly mitigated (https://www.eff.org/deeplinks/2020/01/why-public-wi-fi-lot-safer-you-think). Using something like Okta to check devices and conditionally authenticate users requires less endpoint control for BYOD and remote workers.

    I don't know what applications your staff need access to and how important content filtering is, but another option is to put everything inside a virtual client - so long as you can validate the endpoint isn't compromised (you can keep it patched, run EDR on it, etc.) then if you put their entire session inside a virtual client - you don't need VPN. VMWare, Citrix Workspace, etc. have dynamically provisioned virtual clients you can deploy like this. I haven't deployed any of these (just seen demos), but this is certainly an option.

    Hope that's helpful, Richard. Good luck!

    -JP





    ------------------------------
    Joshua Peskay
    VP of Technology Strategy
    RoundTable Technology
    joshua@roundtabletechnology.com
    www.roundtabletechnology.com
    ------------------------------

    picture of work desk from home with notebook, glasses, coffee, keyboard