corporate logo
HOME   |   offers   |   who we are   |   what we do   |   FAQ   |   employee sign-up   |   contact us

Frequently Asked Questions About Our Benefit Program

We Answer The Most-Frequently Asked Questions About Our Employee Discount Service

Frequently Asked Questions

I Do Not Have Access To Your Service, Can You Tell Me What Kind Of Offers You Have?

Our employee benefit and discount service is a private service, so we cannot tell you what offers we have if you do not already have access. What we can tell you is what offers we have had in the past. Click here for the Past Discount Offers Just because these offers appeared in the past, it does not guarantee that we have them in the future. Thank you for understanding

Can You Send My Corporate Offers Email Update To My Personal Email Address?

We cannot send our offer update to your personal email address. The problem is that any employee can forward an email to someone else (who may not be an employee) and then the exclusive employee offer just leaked out to the public and the producer cancels the offer. That is why you have to be at work or use a VPN to connect back. We have to protect the good stuff, other companies have not-so-great offers and they do not need to protect them.

Why Do I Have Problems Getting Access To Your Website?

You must access our service from your corporate network. For some users a problem can occur if you try to access from home or from a remote location. You may have to configure your VPN client to "Tunnel All Traffic" or "Force Tunnel" to be able to get access from home. If you cannot do this, you should contact your IT department and ask them to help you. Some users do not have a VPN to connect from home and they will not be able to connect.

What Changes Do I Have To Make To My VPN To Connect Remotely?

Your VPN connection should be set to "Tunnel All Traffic". If you are unable to configure your VPN client yourself, please ask your IT support team to help you. Sometimes your IT support team may have to do it for you, as they may not allow users to make this change themselves. If IT will not allow or configure "Tunnel All Traffic" for you, then you will not be able to connect to our service. as this is inherently MORE secure than the split tunneling model.

We keep our offers secure by only allowing access to corporate networks. We have to protect the good stuff, those other companies who allow you to access using a user name and password have not-so-great offers. We get the best of the best offers because we protect our deals and keep them exclusive to corporate employees.

My IT Department Sets My VPN to Use "Split Tunneling"
They Will Not Switch on "Tunnel All Traffic" or "Forced Tunnel"
What Do I Do Now?

VPN Split TunnelingGo back to IT and insist that they provide you an appropiate access solution that is line with industry best practices.

When an organization chooses to use VPN split-tunneling settings on their remote client setting instead of "tunnel all traffic" they may save a couple of dollars in bandwidth, but they are creating a potentially huge security problem in allowing their remote users to go directly to potentially insecure websites without any modicum of control. Information technology best practice dictates that all employee traffic should go through the employer firewalls, so allowing employees direct access to the internet puts them, and the organization, at risk of hacking, uncontrolled browsing and other issues including lawsuits from employees looking at inappropriate content.

The VPN "Tunnel All Traffic" mode is not only a great deal more secure than "Split Tunneling" and should be used for all remote user, but it has a lower TCO . Having split tunnelling on the VPN opens up the user (and the corporation) to machine infection and subsequent nefarious activities on that computer that can be leveraged by hackers worldwide. In the old days, employers could get away with the "don't ask, don't tell" attitude towards what users are doing on their machines when out of the office, but those days have long since passed and employers need to start locking down their environment to guard against hacking and lawsuits.

Using a "Forced Tunnel" or "Tunnel All Traffic" mode means that all web traffic on the users computer will be forced into the VPN tunnel and funneled back into the corporation, which then allows the corporation to analyze and detect any nefarious activity for infections, protect the endpoint and lock down any secondary source for virus infection and attack.

What Solution Do Financial Companies Do For Remote Access?

All financial companies now only allow remote access to their environment from a corporate laptop using a VPN that only allows the laptop to become a node on their network and it is not allowed to directly connect to anything else. Users can still get to regular web resources, they just do it through their organization. For home computers that are owned by the user, financial companies have adopted the model that they can never actually become a node on their network, but they will allow them to access an ASZ area that uses a remote control session through products such as LogMeIn, TeamViewer, Splashtop and GoToMyPC. This non-node session will first require that endpoint analysis is completed on the home PC to make sure that it meets a very basic standard of OS security patches, anti-virus, anti-spyware and anti-trojan. They will then be allowed access to their remote control product, which is recorded and logged. Split-tunneling technology allows VPN users to direct some traffic through a VPN tunnel, while still sending other traffic directly through a local network's default gateway to the outside world. This solution is chosen for some very bad reasons including:
  • We do not want to know what our user is doing on their work portable computer or their home machine (when they are connected to us)
  • We do not want to have to deal with all the web traffic, we will have to increase the size of the VPN infrastructure

Can You Tell Me More About VPN Split Tunneling?

In the most basic VPN scenario, a home user with a DSL modem, for example, can establish a VPN connection that forces all of his or her system's traffic through the VPN tunnel to a workplace network. This traffic includes everything from email and other corporate services to simple Web browsing. When split tunneling is introduced into the equation, only a portion of the traffic is tunneled. Administrators configure the VPN tunnel to be network-aware, and the user's VPN client then makes intelligent routing decisions based upon each packet's destination address. If a packet is headed to a system on the workplace network, it gets routed through the VPN tunnel. If it's destined for an external site, it goes through the user's DSL gateway directly to the destination host.

The decision to use split tunneling depends upon the specific business needs. If your goal is just to secure traffic between remote users and the workplace, and let the client get infected with all kids of nefarious viruses and Trojans, then it's totally fine to use split tunneling. If you do so, however, you'll need to educate your users and ensure that they know which traffic does and does not pass through the tunnel; you don't want to give employees a false sense of security, because there is none. They are their own in terms of security. Why wouldn't we want to avoid split tunneling altogether? When you don't use split tunneling, users can't access restricted resources on their local networks. Consider again the case of our home user. If that user has a privately addressed file server sitting on the home network, it won't be accessible without the use of split tunneling. Also, if the enterprise has a large number of users following this model, it may not want to bear the burden of processing large amounts of traffic bound for other networks.