We currently have BM 3.7 as well as the BESS content filter solution at
our district. This combination has worked great the last several years.

This summer we will be installing a pervasive wireless network on
campus. For people who have accounts in eDirectory (faculty, staff,
students) it should work seamlessly. They login, are authenticated to
eDirectory, and on a Windows machine client trust allows them to launch
their web browser and off they go. On a Mac, they launch their web
browser, login at the SSL login screen and browse the web.

We will also have an open side to our wireless network. In other words
anybody could bring a wireless laptop on campus and join the wireless
network without a login. Once they join we will restrict them to the
web and make sure they do not have the ability to get to the rest of
our network (servers in particular). The problem becomes how to route
them through BorderManager and our content filter. I cannot leave this
open wireless wide open to the Internet without filtering. If I do, I
will have students on campus using their own laptops to browse things
like porn.

How can this be accomplished? I have been told that maybe a second nick
card in the BM server might do the trick. The part I am struggling with
is how to get them through BM (hence they are filtered) without a login
to eDirectory. I would like some type of autologin if they join the
guest wireless network that gets them through BM without getting hit
with an SSL login.

Any help would be appreciated.