BlackBerry Forums Support Community

BlackBerry Forums Support Community (http://www.blackberryforums.com/)
-   BES Admin Corner (http://www.blackberryforums.com/bes-admin-corner/)
-   -   Internet/Intranet, proxy through MDS questions (http://www.blackberryforums.com/bes-admin-corner/259681-internet-intranet-proxy-through-mds-questions.html)

JacksonJ 05-25-2012 03:50 PM

Internet/Intranet, proxy through MDS questions
 
Looking for some advice here. BES has been passed down to my group recently after some org changes and since then we have been asked to fix everything that's broken. Some fixes then cause other issues. Our recent one is leaving us scratching our heads. We were asked to allow users with Internet access to access the internet while on Wifi. We did this by configuring the Proxy settings in MDS correctly which had been broken for years. This has allowed all blackberries connected to BES to have internet access (althought it's filtered).

Our BES is 4.1.7.20 and we have users with OS5, 6 and 7.

Basically what the company is looking for is that users with "No Internet" policies can still access Intranet sites. This is appears to be done by changing the "Allow IBS broswer" to false until the recent MDS change.

There are limited users who are allowed Internet access, these users can access the Intranet and the internet through the data plan but couldn't do it while connected on Wifi which is why we enabled the proxy settings on MDS.

Is there a proper setting that we can allow users with No Internet policies to access just the intranet and maybe the internet through proxy while connected to Wifi only? If not then just intranet?

Internet users allowed to still access the intranet and use the proxy while on wifi only?

MisterGriffiths 05-30-2012 07:21 AM

Re: Internet/Intranet, proxy through MDS questions
 
I have to be honest, I've read this post 3 times now and it hurts my head each time.

What I think we have here are a few seperate requirements:

1) You have 2 sets of users, those who can use the Internet and those who cant.

Question: Does this mean that those who cant use the Internet, also can't use the Internet through a proxy using a desktop/laptop in your organisation?

2) All users should be able to access the Intranet

Question: Is this regardless of whether they are using Wifi or not, can the Intranet be accessed using 2G/3G?

3) Users who can use the Internet can only do this whilst using wifi

Question: So the crux is that no one should be able to browse to the Internet unless they are on Wifi, is that correct?

JacksonJ 05-30-2012 08:23 AM

Re: Internet/Intranet, proxy through MDS questions
 
MisterGriffiths thanks for the response, I'll explain how things were before adding the proxy settings to MDS, we're looking to follow similar to what we had before.

Internet users: Policy allowed them to use IBS browsing. These users could access our Intranet and use Rogers data plans to surf the internet.

No Internet users: Policy blocked IBS browsing. These users could only access Intranet sites.

The problem started when our "Internet" users couldn't access the internet while connected to our Wifi. This is because they were trying to get out through our network and was blocked by the firewall. We enabled the proxy settings in MDS to allow them to get out as this was the only choice we had. They require to use Wifi in certain areas of our company due to poor cellular reception.

Now once we enabled the proxy this has allowed them to access the internet at all times, however this has also allowed 'No Internet" blackberry users access to the internet. This is something we do not want. No internet users now have access to the internet if they are connected via wifi or not because MDS doesn't care how you connect. What we want is to control which Blackberries have access to the internet and all others don't.

MisterGriffiths 05-30-2012 10:46 AM

Re: Internet/Intranet, proxy through MDS questions
 
With BESv4 I'm not sure how you are going to get that granually level of control.

You may be able to do something with BESv5 using a combination of BES to MDS relationships and proxy mappings.

You may have to have a specific BES for each group.

Do you intend to upgrade to BESv5?

JacksonJ 05-31-2012 02:24 PM

Re: Internet/Intranet, proxy through MDS questions
 
Thank you MisterGriffiths, over the past week a few of us have been reading so many articles and posts. We have pretty much concluded that we can not do it the way we use to. There are no plans to upgrade our current servers to BES 5, we will be doing that sometime next year with our email replacement solution.

I also thought about splitting the Internet users onto one BES server and the other on another, however there are only about 5% of our users with Internet access so it really isn't a nice split.

Again, thank you for the replies, I think we have a better understanding of the limitations we are facing.

knottyrope 05-31-2012 05:03 PM

Re: Internet/Intranet, proxy through MDS questions
 
If you have people you need to control as much, Maybe BES express might be enough and it is free too.


All times are GMT -5. The time now is 06:08 PM.

Powered by vBulletin® Version 3.6.12
Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.