Our setup: bm3.5 EE, requiring proxy authentication via sso/clntrust and
ssl, so that we can get the detailed proxy logs. There will soon be several
consultants in the office that require internet access, so I'd like to be
able to do that without giving them an nds account, or requiring them to
authenticate to BM. I figured I could use an "allow" rule specific to the
IP addresses of their machines, and just assign them ip addresses in a

Did a search on this forum, and found the same question...answer was to
check the "authenticate only when user attempts to access a restricted
page". I checked the box, enabled the rule, and it appears to work, but my
question is, are we losing the logging information? I would guess "yes", as
I tested it with a machine that has no nw client on it, and doesn't run
clntrust...it was able to browse freely, and was only prompted to log in
when I aimed the browser at www.playboy.com. (using cyber-patrol for
filtering). all the other sites we went to couldn't have been logged, as
there was no way for BM to know who this person was that was surfing.

I could swear I had this set up way back, before management allowed internet
access at every desktop...I had a couple of kiosk machines w/ fixed ip's
that people could use, as well as a few "special" people that had access at
their desktops. but I can't remember exactly how I did it.

So, is there any way to enable certain machines free access without
authentication, and without loosing all the logging for everyone else?