Jamf Nation Community

lehmanp00 · ‎01-27-2016

After a 1/2 year of using the Palo Alto Global Protect VPN for filtering; we are open to something else. I thought I'd re-open this discussion and see what others are doing in since the last discussion on JAMFNation (2014).

CasperSally · ‎01-27-2016

We are happy with iBoss. 6500 Macs, 2500 of which get home filtering, plus 1000 iPads and 1300 Chromebooks. They are about to release a Chromebook extension to make Chromebook filtering easier. There were some growing pains getting the home filtering working for osx 10.10 last year, but I tested and it works fine in 10.11 so we'll be good going into next school year.

We were with lightspeed years ago but they couldn't handle our mac home filtering, but it seems like they've improved since then.

Don't waste your time looking at Edgewave/iPrism. The worst OSX support I've ever received. Pretty sure they outsourced everything and couldn't answer any questions.

lehmanp00 · ‎01-27-2016

How does the iBoss work with the iPads? Is it a VPN type? Proxy?

CasperSally · ‎01-27-2016

@lehmanp00 I believe they do proxy if you want to do that, someone else may be able to answer for sure. Our ipads don't go home - they get filtered in line here like any other device - we tie the VLAN to a filtering policy. They offer some sort of MDM solution (in addition to the filtering options), and I've had to explain to sales team more than once MDM doesn't do anything for JAMF customers. Just mentioning to not let them take you down the MDM road.

lehmanp00 · ‎01-27-2016

We would need a 'take-home' solution. The PA Global Protect is a straight-up VPN. The user has to login with the app. We can even set it to remember the username/password so they don't have to login more than once. However we have seem some BIG show-stopper issues:

The app can randomly timeout. That isn't so bad, except when it times out when the ipad is focused with Casper Focus. The ipad is basically unusable at that point and we have to wipe it.
The app crashes and has to be re-installed.
The students, god bless them!, have figured out that you can just do a "Reset Network Settings" on the ipad. The app is still there (so Smart Groups still show the app on the ipad) but the ipad is no longer forced thru the VPN until the app is deleted and re-installed.

lazyGhost · ‎01-27-2016

We use ZScaler with ~12K iOS devices- some of the devices go home. We just push out a global http proxy and the certificates to the devices. Our rough patch with this product has been limitations with ipSec VPN tunnels from our outbound WAN to ZScaler's infrastructure. This may be something between our Cisco ASA and their connection so we're waiting on a newer router that supports GRE tunnel that will hopefully remedy this.

Apart from that, ZScaler works with iOS, OS X, and ChromeOS devices. Just a matter of pushing out the global http proxy profiles and certs to devices and mostly smooth sailing.

jduvalmtb · ‎02-11-2016

@CasperSally Agreed! We're actively looking at alternatives to iPrism. You'll be surprised to know their 10.11 client doesn't work and we're still waiting on an authoritative response...
We're going to try a demo of iBoss when we get back from break.

rusty_adams · ‎03-23-2016

We use Lightspeed and force a global proxy through it for iPads. That works OK, but from what their support tells me, in order to use the actual mobile filtering app (which would provide more details, etc. when running Web Activity Reports) on the iPad in lieu of the proxy, you have to use their MDM. The app was just recently released, but that is really disappointing.

Next year we are rolling out some student Macbook Airs. I do seem to have the Lightspeed Mobile agent running on those, but haven't had it going long enough to gauge its performance.

Jamf Nation Community

K12 Mobile Device Filtering Redux