Nxfilter VPN/Guest network

[kpi...@gmail.com]

So this is a complicated setup

Corp location with VPN to multiple sites.

Guest network using Ubiquity AP and "guest access" at each location

One NXFilter at Corp location.

All DNS requests come to Corp.

Would prefer not to do vlans at all the remote locations (hard to setup and route traffic to corp for dns)

Set up no login required for guest but filter.

AD users login and filter via nxclient?

Just trying to figure out the best solution with only one ip scope at each location.

Hope this makes sense.

[Jinhee]

So you don't want to have the complicated setup and go with just one NxFilter centrally integrated to your central AD?

NxClient sends login username as well but if you need AD integration with that it needs to be in the same network as

it uses IP session again. It's like when it's on remote network it sends token-name and login-name and if it's on local

network it works like NxLogon + proxy filtering.

Try it on one of your remote PC.

[kpi...@gmail.com]

My remote pc's work fine they are on the same network (VPN) and pass login info via NXClient.

But the guest network devices will not have any NXlogin or NXClient.

 

I want to filter the guest network for devices (phones, Tablets, Laptops) that I can not install any NX product on. I don't want them to have to login via web. Guest devices are in the same dhcp scope. 

Right now I connect to wifi on my phone and ipad and have to login every day.

I was thinking I can do this with a DNS hop but that again requires a new scope for the guest network.

This is what I am looking for I think (if user is not authencated use policy "Guest") the guest policy in my network is the most filtered.

I looks as of now unless you are authencated you get a login.

[Jinhee]

If they are all on the same network you can create ip-range user to cover whole network. 'Guest' user with 192.168.0.1 ~ 192.168.0.255. Now every unauthenticated user will be appeared as 'Guest' but if they use NxLogon, NxClient or NxBlock they will be appeared with usernames. And if they are on the same network and the same AD domain you don't have problem with using NxLogon for them.

[kpi...@gmail.com]

So to make sure I have this right

if I have a ip block (10.0.0.0/255.0.0.0) and set it to guest they will get the guest policy

But if I have users that use NXClient in the same ip block, then the policy I have set for that user will apply.

I have guests and users in the same ip block.

BTW I am using NXClient with all my users. Found it more reliable that NXLogin

 

[Jinhee]

Yes. That's the way.