As we know, the enforcement of web access policy is governed by the web proxy when the host is within the corporate network. But when this host (say a laptop) leaves the corporate network and connects to a home or public network, it effectively bypass the web proxy hence having full unrestricted access to the Internet. And this is an issue.
How do you guys solve this problem? How do you block the host from accessing the Internet (especially file sharing sites like dropbox) while outside the corporate network?
How do you implement exceptions like the need for a travelling user laptop to authenticate hotel websites for Internet access?
We use the McAfee Client Proxy in conjunction with the hosted service (though technically it wouldn't require this). It gives a seamless experience on or off network with a fully enforced policy (which is synchronized, too). The hosted service is often bundled with the Web Gateway itself. You should speak to your reseller about this when you renew.
Technically speaking when you implement both there's almost no configuration required of the MCP -- you just have to get the synchronization between MWG and the cloud service setup and the categories, black lists and whitelists set up.