Data Loss Prevention

  • 1.  Endpoint @ Offsite - situation based prevent

    Posted Aug 04, 2012 04:37 AM

    Need to prevent communication of an endpoint in two use cases:

    1. User should only be allowed to access a specific web app if connected remotely to the corporate network
    2. User must be able to connect to the WiFi web setup pages in a hotel, but should not be able to connect anywhere else. If connected over VPN to the corporate network, the user should be able to operate based on the online policies.

    Has anyone already done this kind of configuration? We are using Symantec DLP v11.5.

    Thanks

    Thomas



  • 2.  RE: Endpoint @ Offsite - situation based prevent

    Posted Aug 06, 2012 05:27 PM
    1. It's the easiest thing. You have 2 options: use different subnets for network and VPN users (not sure your IT guys will be happy about it :)) or automatically add VPN users to an Active Directory group and use an AD group based policy.

    2. I think that most setup web pages have private IP addresses and do not use POST requests. I think you can use 2 things: firewall rules based on IP to disable access to public web sites + a DLP policy to prevent any POST request to internal web sites. On a VPN connection you can still use AD groups, as in point 1.