restricting mobile users internet access

[sarcasmo2005 () gmail com]

I've been asked to seek out if it's possible to implement an internet policy, which restricts staff using corporate 
notebooks to accessing the internet only via corporate internet proxies. 

The mobile users have Cisco IPsec and Sonicwall SSL VPN clients installed on the notebooks. While it's straighforward 
to enforce an VPN (or active directory) policy to enforce mobile users to use the corporate proxies, the problem I'm 
facing is   when a member of staff is in an airport (or is using a hotel internet connection) they need to be able to 
get to the inital account setup pages (i.e where the internet provider asks you to login or pay for time use). This 
makes the internet restriction policy tricky. The mobile users in question can often travel to any region in the world.

I guess you could use a product such as 'i-pass' but from what I can see with i-pass you still have to be able to hit 
the ISPs account setup page, or you could have a hotel that doesn't support i-pass. 

If staff can disable the proxy and go straight to the internet, then it's gone against work to enforce corporate proxy 
use.

I would be very grateful if anyone has had this issue before and could share how they approached it. I'm sure I'm not 
the only person that's had this question posed to them before ??

thanks in advance
PD