  1. #1
    Registered User itman's Avatar
    Join Date
    03-23-2005
    Location
    TN
    Posts
    35

    Force Connection to VPN

    Point me to the right forum if this is out of place. I had an inquiry regarding forcing my PDA users back to our private network for Internet browsing and email access. Essentially, they desire to load a VPN client on the PDA and lock it down, limiting access only to corporate. Has anyone implemented a solution such as this? It is an easy implementation to force a laptop login through VPN only, but I am unaware of a PDA solution to accomplish this same feat. Thanks.

  2. #2
    Registered User
    Join Date
    06-24-2006
    Location
    IL
    Posts
    2,290
    There are very, very few VPN clients out there for PDAs, and even fewer that will prevent split tunneling.

    But a better question to ask is simply this - why in the name of heaven would you want to add somewhere between 200-500ms of latency to every connection your users have by forcing traffic back through the corporate Internet access point on a device that is designed to be untethered from that point? You're very likely to create connection failures, and certainly going to have complaints from users that the Internet on their phone is as slow as molasses running uphill during a cold snap.

    The whole point of deploying PDAs with Internet access is to increase employees' communication abilities. The plan envisioned is going to do that, but in a very onerous manner. These types of architectures are rapidly dying, even on the LAN/802.11 wireless network side, in favor of better AV/Firewall software and encrypted connections where required.

    Unless you're in a very high security environment (like the US Dept. of the Treasury, certain departments at banks, DoD and some contractors), this plan is very overkill.

  3. #3
    Registered User itman's Avatar
    Join Date
    03-23-2005
    Location
    TN
    Posts
    35
    I understand your stance completely and certainly agree under typical implementations. However, this scenario will require security outside of the normal scope. Thanks for your input.

  4. #4
    Registered User
    Join Date
    06-24-2006
    Location
    IL
    Posts
    2,290
    If you're looking for enhanced security, then I'd suggest two alternatives for you:

    Trend Micro security has a WM compatible client for AV purposes, which would assist you in protecting the device with central control over the configuration of the security software. This may be a better form of protection for you, since it allows you to set policies for encryption, passwords, firewall, and AV on the device.

    If securing the device against loss or theft is the goal, then using Exchange policies to require passwords and permit a remote wipe is also an alternative. Good Technology's GoodLink can also do this, but I so despised the implementation when I had to use it as a client that I can't say I'd recommend it. However, it may make your system function.

    I'd aim to be as light on the data connection as I humanly could, since I would not want to be your help desk folks fielding calls on performance from mobile devices if everything has to pass through the mother ship before going to the Internet.
