Menlo Security has been named by Gartner Inc. to the Visionaries quadrant of the 2018 Gartner Magic Quadrant for Secure Web Gateways. The Menlo Security Isolation Platform (MSIP) is a global, 24x7 cloud service, that protects enterprises from cyber attacks by isolating and executing all web content in the MSIP platform, away from the endpoints. 

RansNet Hotspot Gateway (HSG) combined with MSIP is an ideal web security solution with seamless UX experience. HSG simplifies the network administrator's job with numerous authentication methods to allow internet access to large number of enterprise and transient users while helping the security team enforce internet policies on both enterprise and BYOD devices.

Once authorized by HSG, the user’s web sessions and all active contents (e.g. video, JavaScript, Flash, etc.), whether good or bad, are fully executed and contained in the Isolation Platform. Only safe, malware-free rendering information is delivered to the user’s endpoint, eliminating any possibility of authorized user device being compromised by harmful web contents.

User experience (traffic flow)

1. User device associates to wireless SSID broadcasted by AP

2. AP forwards user connection request to HSG, which will issue DHCP IP to user device

3. After getting DHCP IP address, user launches browser for Internet access (some devices will auto trigger CNA portal)

4. HSG intercepts user browsing request, and (if not authenticated user) redirects user browser to a customisable splash/login page

   • the splash page can be customized with a link, asking user to download and install SSL cert (for MSIP web isolation purpose)

   • can combine multiple authentication options

     • Enterprise/corporate user login: this integrates with company AD or pre-loaded authorized accounts

     • Guest/Transient user login: this can be self-registration via email/SMS or social sign, with restricted/controlled access.

NOTE: to simplify user experience, we can enable seamless relogin features (client sticky or portal sticky), so that only the first time user is prompted to download SSL cert and authenticate (eg. step #4 only happens once). Subsequent connections are seamless to all users.

To manually download Menlo security root CA cert, please download directly from below links

• • For cloud deployment (CN = Menlo Security Root CA) 

  • For on-premise deployment (CN = RansNet Singapore Root CA)

An example to install cert to your chrome browser (can google other browser setting to import)

1. Download one of above cert (depending on your deployment mode)

2. Launch chrome and go to "Customize and control Google Chrome" > Settings > Under HTTPS/SSL > Manage certificates

3. Click on "Authorities" tab, Click on Import and select your downloaded cert, tick on all the "Trust...." options and OK.

CONFIGURATION ON HSG

To generate Menlo proxy-chain string

1. Login to https://admin.menlosecurity.com/

2. Settings --> Proxy Auto Config, create and view PAC file copy out below string to apply to above HSG config.

You also need to add your network public WAN IP to Menlo admin portal.