Wingate and DNS in Active Directory environment

Post by farinformatica » Nov 12 05 6:55 am

Hi all.
I need advice about WinGate and DNS in an Active Directory environment.

This is my configuration:

WinGate 4 (it’s old, I know, but I will upgrade it ASAP) is installed on a Windows 2k Standard server (it’s not the AD server) that has only one NIC (and no other network hardware) connected to the LAN.
The outgoing connections (towards the internet) are made through a hardware firewall appliance connected to the same LAN, which accepts requests only from the WinGate machine’s IP.
I use WinGate only as a proxy for the authentication and this works very well for our jobs.

In the WinGate machine’s TCP/IP NIC network properties I’ve inserted in the Gateway field the IP of the internal interface of my firewall; in the DNS field I’ve inserted five DNS IPs of my ISP (and not the DNS of the AD server); in the WINS field there’s the IP of the internal WINS server (the AD server).
The clients use only the proxy services and don’t need to have external DNS resolution, so in the clients’ DNS field there is only the IP of my internal Active Directory DNS.
My internal Active Directory DNS doesn’t have any forward to an external (or WinGate) DNS; we don’t need it (only WinGate needs to resolve DNS queries).
The WinGate DNS service is stopped (we don’t need it).
In a Qbik document I’ve read this: “Once this has been done, then you will need to enter the IP address of the DNS Active Directory server in the DNS server option of the WinGate Advanced Options. These options are found on the start menu under Start Menu\Programs\WinGate Advanced options. This is required to prevent DNS loops occurring between WinGate and the Active Directory DNS server.”
I haven’t found the “WinGate Advanced options” in the start menu of my WinGate PC. Is it an option of WinGate 5 or 6 and not of version 4? Are there any problems if I cannot do as described in this Qbik document?

Everything works very well, but I have a doubt: is the above-described DNS (and TCP/IP) configuration of the WinGate machine correct? In this configuration, DNS resolution of the internal names of the LAN clients by the WinGate machine is impossible; is there any problem with this? Are the names of my LAN clients asked by WinGate to the ISP DNS? Are there security-related problems if WinGate tries to resolve the names of the LAN clients against the ISP DNS?

Thanks in advance to all for your help.

Bye.
Filippo.

Re: Wingate and DNS in Active Directory environment

Post by kgoodknecht » Nov 13 05 5:31 pm

If the WinGate server is a standalone server (not a member of the Active Directory domain), using the ISP DNS in the TCP/IP properties is OK. However, if the WinGate server is a domain member, use of the ISP's DNS is not allowed.

To assign a DNS server for WinGate to use, double-click the DNS/WINS resolver in GateKeeper and put in your ISP's DNS server.
However, if you have any locally hosted sites, your ISP DNS won't resolve these sites correctly. You will have to use a local DNS server, preferably on the WinGate machine, that can resolve the local sites; this DNS server can forward to your ISP or use its root hints for non-local names.
You have to be very careful about assigning a DNS server for WinGate to use, or you could be setting up a DNS loop. Forwarders should always forward out and never forward inward. You can use Advanced options to assign a DNS server that WinGate should never use, to prevent DNS loops.
Best regards,

Kevin Goodknecht [Microsoft MVP]
See me in the Microsoft Public DNS newsgroups
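The following is an added example, not part of either post and not WinGate code: a small model of the forwarding chains discussed in this thread, showing where an internal name ends up at the ISP resolver and where two forwarders pointing at each other form a loop. The server names, the zone `corp.example` and the three topologies are constructed assumptions, and nothing here sends real DNS queries.

```python
# Added example. Server names, the zone "corp.example" and all topologies are
# constructed for illustration; this does not query real DNS.
EXTERNAL = {"isp-dns"}  # resolvers outside the LAN

def in_zone(name, zone):
    return name == zone or name.endswith("." + zone)

def resolve_path(name, start, zones, forwarders):
    """Walk one query along the forwarding chain.

    zones:      server -> suffix it answers authoritatively
    forwarders: server -> server it sends unanswered queries to
    Returns (path, outcome); outcome is 'answered', 'leaked' (an internal
    name reached an external resolver), 'loop' or 'unresolved'.
    """
    internal = any(in_zone(name, z) for z in zones.values())
    path, node = [], start
    while node is not None:
        if node in path:                       # server seen twice: loop
            return path + [node], "loop"
        path.append(node)
        if node in zones and in_zone(name, zones[node]):
            return path, "answered"
        if node in EXTERNAL:
            return path, "leaked" if internal else "answered"
        node = forwarders.get(node)
    return path, "unresolved"

# Assumption: "ad-dns" stands for the internal DNS server holding the AD zone.
ZONES = {"ad-dns": "corp.example"}

# Layout from the question: the proxy host asks the ISP directly,
# and the AD DNS server has no forwarder.
ASKED = {"wingate-host": "isp-dns"}
# Misconfiguration the reply warns about: forwarders pointing at each other.
LOOPED = {"wingate-dns": "ad-dns", "ad-dns": "wingate-dns"}
# Layout the reply suggests: local DNS first, which forwards outward only.
OUTWARD = {"wingate-host": "ad-dns", "ad-dns": "isp-dns"}

if __name__ == "__main__":
    for label, fwd, start in (("asked", ASKED, "wingate-host"),
                              ("looped", LOOPED, "wingate-dns"),
                              ("outward", OUTWARD, "wingate-host")):
        for name in ("pc01.corp.example", "www.example.org"):
            print(label, name, resolve_path(name, start, ZONES, fwd))
```

In the first layout every lookup of a LAN host name by the proxy machine is disclosed to the ISP resolver and fails there; in the outward-only layout the same lookup stops at the internal server.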