Hello Adrien,
Had some free time yesterday, opened the chm files in the Wingate folder and started reading. Have read the certificates, credentials and ENS files. Have some questions:
1. Can we import a 3rd-party trusted root CA issued certificate into the OS and use it for Wingate services? Will certificates in the Machine store be visible in the Wingate Certificates panel and be usable for bindings?
2. Do the routing and UDP broadcast packet relay functionalities work only for subnets of interfaces marked as internal, or for the subnets of any interfaces?
(Even the firewall option "Disable network name broadcasts to the Internet" does not answer the question, as it's only about NetBIOS name broadcast traffic, not just any UDP broadcast traffic.)
3. The "Indicate UDP traffic (Ports < 1024)" feature is explained a little unclearly in the second paragraph. I need some clarification.
Particularly you have:
When this option is ticked, all UDP traffic will be shown if it is being intercepted by a Intercepting Proxy that may have been configured on a network service, or if it remains active for a longer time frame.
What is written does not correspond to the first paragraph, in my opinion:
The default behavior for the WinGate NAT is to notify the WinGate Engine of any UDP traffic below port 1024 as soon as it occurs. UDP traffic above port 1024 is only shown on the Activity panel (located in the Monitoring section of the WinGate Management console) if it remains active for a longer time frame (20 seconds, with at least 10 seconds since the last activity). On systems that have extensive UDP traffic over NAT (such as a DNS redirect) the volume of traffic could cause an increase in memory usage. This switch allows you to control the display of UDP sessions instigated on port 1024 and lower.
As I understand it, the main part says that when the checkbox is checked, all UDP traffic for ports lower than 1024 will be immediately and certainly (unconditionally) shown on the Activity panel. The second part talks about some conditions, one of which is a longer time, when before it says immediately!? Please clarify.
4. Where are NAT permissions configured?
I just started reading, so obviously I'll find it later, but want to ask this question.
Where is this done now? E.g. permitting a user to send\receive non TCP\UDP traffic, e.g. ICMP, ESP, etc.
5. Why do we need default rules which allow TCP traffic on ports 113, 1024-4096 from the Internet?!
I don't understand this. This makes the Wingate machine unprotected. Why!? Am I missing anything?
6. (In bandwidth control rule configuration) Does the "Apply to traffic to\from the local machine" setting control bandwidth between Wingate and the user's computer?
If the option is not checked, but the "Rule is bi-directional" option is checked, does it mean the traffic in both directions
between Wingate and the remote computer will be restricted, but
between Wingate and the local computer - not?
E.g. download speed for cached content will utilize the full LAN connection speed between Wingate and the user's computer.
7. In Wingate 6 I was asking you to make an easy way to configure even distribution of available bandwidth between all host computers in a particular subnet or IP range. Did you realize it?
Or do we still need to create 253 unrestricted rules for a typical subnet with equal priorities to achieve that!? (I hope you won't say "yes". :-))
That's all for now, hopefully I will have more time to read more and ask more.
P.S. Hope you will make additions\clarifications to the documentation whenever reasonable, so next time meticulous users like me don't spend your time. :-)
Adrien, and please answer my questions from the 2 previous posts as well.
Thank you very much!