WinGate Forums

[KemoSabi]

Hi,

I recently purchased the Enterprise Edition of Wingate, after trying it out for a month.
I am quite impressed and happy with the way everything works.

My setup right now, is that all the users are recognized via the "Assumed" method. IP is assumed to a specific User.

It tracks the users activities and whatnot, even shows me how they are connecting and to what. However I cant block them from certain sites. I have blocked ALL The users from accessing Youtube and Facebook. That worked a charm.

However just blocking certain users is becoming a problem. Now I have read on previous posts that "Allowed" access takes precidence over "Blocked" access. However I'm struggling to find where I allowed them this access, I have moved them out of a specific usergroup. Into a very limited Usergroup.

Any help would be appreciated, as im struggling quite a bit.

Regards,

[adrien]

Hi

each policy you create (called a recipient) grants some more access. So if you have one policy that grants everyone everything, then other policies will have no further effect.

So the way to tackle this problem is to pare down the policy into things you grant.

Instead of trying to block a group (e.g. group A) of users accessing a site, what you need to do is block everyone from the site, then grant access to everyone not in Group A to that site.

It normally turns out that you have some users you want to be able to view anything, then other groups or individuals you wish to have restricted access. So the "not in Group A" normally turns out to be a different group (e.g. super users).

So you need to make the grants more restrictive to start with, and add more rights to your users as they require them.

Regards

Adrien

[KemoSabi]

Thanks for the quick reply.

How would I go about Blocking this access? By using the Banlist? I am currently using a User System Policy for blocking Youtube and Facebook. If I do you use a Ban List, how do I ban "All" internet sites/usage?

Or is there a better way than Ban Listing?

[adrien]

HI

To block everything, you would simply remove all grants (no policy at all). Then nothing would be granted. Don't mean to be cryptic - this is obviously just a hypothetical case, but it illustrates the point.

So you need to think in terms of what you want to grant to whom.

I would do the policy in the WWW proxy policy rather that System policy (which is less specific since it has to be generic enough for all services).

The ban list is a way of excluding things from a grant of rights. It's like saying "you can have everything except X, Y, Z".

If you need to use a whitelist-style approach that's a bit more difficult with WinGate 6, the allowed sites need to go in as individual filters in the advanced tab. If you need to do whitelisting, I'd seriously think about trying WinGate 7 (even though it's still beta).

Regards

Adrien

[KemoSabi]

Hi Adrien,

Thanks again. I actually just went with allowed times. Allowed "Everyone" members 1 minute from 00:00 - 00:01 and then created a Group out of that called "Web Allowed" and allowed them time to surf all day. And then in those I banned specific websites.

Regards,
Hannes.

[adrien]

Hi

that first policy that only grants access for 1min / day is probably not doing much, so should be able to be removed without affecting your policy logic.

Regards

Adrien