LogMeIn/GoToMyPC Question

amsi · 01-25-2012, 08:46 AM

We are having somewhat of an issue with Logme/GoToMyPC. So we blocked it from all our current stores that use Untangle. The issue now is we have specific users who need remote access. So what we've been doing is adding their IP address that they are using for remoting into the pass list.

We had this idea that it might be easier creating a new rack with their IP address having remote access. Do you have any other suggestions on how to do this?

Currently we have all our stores blocked from LogMe.com and GotoMyPC.com; with specific IP address being able to still use it (in the pass list).

jcoffin · 01-25-2012, 10:23 AM

Policy Manager is needed for multiple rack selection.

sky-knight · 01-25-2012, 11:01 AM

I'm a bit confused by the OP.

If you're having issues with users installing those services on machines and accessing them from the outside. You need to deploy a VPN solution and a remote technology that is compatible with it, like RDP. This will enable you to control who has remote access to the network.

If you're having issues with users remoting from the protected network to other stations, then the solution you have in place is the only way to do this with the free tools. Policy Manager, Directory Connector, and the Captive Portal work together to give you an easy to deploy mechanism to use usernames within Untangle. From there you're free to make another virtual rack that allows such access and assign specific users to that rack. If you have Active Directory present, you can also use AD group membership for the rule and simple add the needed accounts to the appropriate group.

amsi · 01-25-2012, 11:29 AM

Well its kind of hard to explain. Its just we are trying to keep track of who's using it and blocking the default racks from being able to use Logmein/Gotomypc.

We were just curious to what the best way is to have this done. Setup a new rack and put the IP's of the users allowed to use those remote services in it? Or just put their client IP's in the pass list?

sky-knight · 01-25-2012, 11:48 AM

Putting them in the pass list completely exempts them from the Web Filter's protection.

So if you want to grant access to those services, while providing content control for those users, that's a very bad thing.

amsi · 01-25-2012, 12:11 PM

Okay so the pass list will exclude them from any blocked sites ...got you. So it might be better to create a new rack then for those users.

amsi · 01-26-2012, 05:28 AM

Another question for you.

If we create a separate rack for passing clients for Logmein/Gotomypc do we need to put the passing IP address in every rack? (Such as default, and the new rack?) or does it just have to be in the new rack?

To explain it again. I'm blocking Logme.com/gotomypc.com from the default rack. Right now I have the people who are using it (I have their IP addresses listed in the pass list for just the default rack). So if they have more then one rack and their IP address is not on every racks pass list. Will they be effected? So making a new rack with the passing IP address will most likely be simpler then having to add every IP address to each pass list (per rack).

01-25-2012, 08:46 AM	#1 (permalink)
amsi Untangler Join Date: Dec 2011 Posts: 38	LogMeIn/GoToMyPC Question We are having somewhat of an issue with Logme/GoToMyPC. So we blocked it from all our current stores that use Untangle. The issue now is we have specific users who need remote access. So what we've been doing is adding their IP address that they are using for remoting into the pass list. We had this idea that it might be easier creating a new rack with their IP address having remote access. Do you have any other suggestions on how to do this? Currently we have all our stores blocked from LogMe.com and GotoMyPC.com; with specific IP address being able to still use it (in the pass list).

01-25-2012, 10:23 AM	#2 (permalink)
jcoffin Untangler Join Date: Aug 2008 Location: Sunnyvale, CA URLs submitted: 1 Posts: 1,784	Policy Manager is needed for multiple rack selection. __________________ Attention: Support and help on the Untangle Forums is provided by volunteers and community members like yourself. If you need Untangle support please call or email support@untangle.com

01-25-2012, 11:01 AM	#3 (permalink)
sky-knight Join Date: Apr 2008 Location: Phoenix, AZ URLs submitted: 8 Posts: 15,465	I'm a bit confused by the OP. If you're having issues with users installing those services on machines and accessing them from the outside. You need to deploy a VPN solution and a remote technology that is compatible with it, like RDP. This will enable you to control who has remote access to the network. If you're having issues with users remoting from the protected network to other stations, then the solution you have in place is the only way to do this with the free tools. Policy Manager, Directory Connector, and the Captive Portal work together to give you an easy to deploy mechanism to use usernames within Untangle. From there you're free to make another virtual rack that allows such access and assign specific users to that rack. If you have Active Directory present, you can also use AD group membership for the rule and simple add the needed accounts to the appropriate group. __________________ Rob Sandling, BS:SWE, MCP Intouch Technology Phone: 480-272-9889 rob@intouchtechllc.com UntangleAppliances.com Phone: 866-794-8879

01-25-2012, 11:48 AM	#5 (permalink)
sky-knight Join Date: Apr 2008 Location: Phoenix, AZ URLs submitted: 8 Posts: 15,465	Putting them in the pass list completely exempts them from the Web Filter's protection. So if you want to grant access to those services, while providing content control for those users, that's a very bad thing. __________________ Rob Sandling, BS:SWE, MCP Intouch Technology Phone: 480-272-9889 rob@intouchtechllc.com UntangleAppliances.com Phone: 866-794-8879

Protect

Filter

Perform

Connect

Manage

Add-Ons

01-25-2012, 11:29 AM	#4 (permalink)
amsi Untangler Join Date: Dec 2011 Posts: 38	Well its kind of hard to explain. Its just we are trying to keep track of who's using it and blocking the default racks from being able to use Logmein/Gotomypc. We were just curious to what the best way is to have this done. Setup a new rack and put the IP's of the users allowed to use those remote services in it? Or just put their client IP's in the pass list?

01-25-2012, 12:11 PM	#6 (permalink)
amsi Untangler Join Date: Dec 2011 Posts: 38	Okay so the pass list will exclude them from any blocked sites ...got you. So it might be better to create a new rack then for those users.

01-26-2012, 05:28 AM	#7 (permalink)
amsi Untangler Join Date: Dec 2011 Posts: 38	Another question for you. If we create a separate rack for passing clients for Logmein/Gotomypc do we need to put the passing IP address in every rack? (Such as default, and the new rack?) or does it just have to be in the new rack? To explain it again. I'm blocking Logme.com/gotomypc.com from the default rack. Right now I have the people who are using it (I have their IP addresses listed in the pass list for just the default rack). So if they have more then one rack and their IP address is not on every racks pass list. Will they be effected? So making a new rack with the passing IP address will most likely be simpler then having to add every IP address to each pass list (per rack).