manual for wingate

WinGate Proxy Server and other Qbik products

Switch to full style
Use this forum to post questions relating to WinGate, feature requests, technical or configuration problems
Post a reply
bench
  • bench
  • Posts: 77
  • Joined: Nov 10 04 4:46 am
  • Location: El Paso, Texas
  • Website

manual for wingate

Nov 11 04 8:00 am

I have installed wingate trial version but I am having a hard time figuring out how it works, especially how the e-mail part of it work.

I want to implement a proxy server or maybe the wgic as recommended by wingate but their help files are not very precise or well structured.

If anybody has a pdf manual for how to properly configure wingate, I would greatly appreciate it. Also, are there any books on how to install, configure and run wingate?

I guess if you are going to run wingate you need to have a deep knowledge of networking.

thanks.
Pascal
  • Pascal
  • Posts: 2623
  • Joined: Sep 08 03 8:19 pm
  • Location: Auckland, New Zealand
  • Website

Nov 11 04 8:45 am

Our documentation is currently under review and version 6's help is already significantly improved over version 5's.

There are whitepapers and knowledge base articles on our site that deal with more specific topics. We do have a WinGate 6.0 mail document, but it is under review at the moment and hasn't been released yet. If you want it, post here then I'll ask Neil to send it on to you.

Other than that, the easiest option might be to post here. As you can see, we are quite active on the forum and can usually offer you pointed advice on how to configure it; what to do, etc.
bench
  • bench
  • Posts: 77
  • Joined: Nov 10 04 4:46 am
  • Location: El Paso, Texas
  • Website

policies

Nov 11 04 12:30 pm

OK, I have made some progress in figuring out how to run the client PC using wgic instead of the proxy, this is something that is not very clear in the help document.

Now I would like to know how to implement policies for users/groups as far as what they can access in the internet. I would like to block certain websites but allow only a few the rights to go anywhere they want.

I have read the help content on this and applied it but it still lets me connect to the ban sites I listed.

I have a laptop hooked up to a router and a pc with wingate server installed also hooked up to the router. I have tried to block access to the laptop but can't seem to be able to.

any suggestions on how to implement such policies?
Pascal
  • Pascal
  • Posts: 2623
  • Joined: Sep 08 03 8:19 pm
  • Location: Auckland, New Zealand
  • Website

Nov 11 04 12:59 pm

Overview
Policies are currently the most intricate part of any WinGate setup (My opinion). However, once you have the basic concepts firmly in hand it becomes very very easy.

The first thing to know is that there are two distinct groups of policies that can act together. The first is the Default (System) Policies. You will find them on the "Users" tab in GateKeeper. Those policies are used if no others are available. By default, they freely grant access.

The second set is the per service policies. They are usually more specific as they have inherently more infomration about the protocol they are working with. You will find these on the policy tab in each service.

Those two policies 'groups' can interact with eachother in three different ways from a Service perspective. For system policies:
    May be used instead - either version of the policy can grant access
    MUST also be granted - the system policies and the service policies must grant access
    Are ignored - the system policies are ignored. Only the service policies apply


Now, to implement a policy you must first determine where you want to implement it. For example - some policies you might want to apply irrespective of the service that is in use. (Traffic limits for a user, for example). Others, you might want to block specific URLs, in which case the Web Proxy is the best place to do so. This is sometimes a bit tricky, and I've found that a rough flow diagram helps here sometimes; especially when you are dealing with a very complex setup.

The next thing to know is that the policies are permissive. If any policy grants the user the right to use / do something - even if another policy later denies it the user will have the right to access that resource. This becomes very important when you consider the interaction between Service Policies and System Policies.

Advanced Filters and Criterion seem complicated, but in truth that is the way to get the most out of policies. It's very easy as well, though.

Filters are OR statements. So, if you read them top to bottom they will say

Code:
if Filter1 is granted or if Filter2 is granted or if Filter3 is granted then the user has rights to this resource.


When you delve a bit deeper, Criterion within a filter are AND statements.

Code:
 if (Filter1.Criterion1 is granted and Filter1.Criterion2 is granted and Filter1.Criterion3 is granted ) OR (Filter2.Criterion1 is granted) OR (Filter3.Criterion1 is granted) then the user has rights to this resource.


Tips
Alright. Armed with all of that there are a few tips to setting them up. First, try to ensure that your traffic is going through the most appropriate service. That gives you the most control over your policies. As you are using WGIC, redirecting that through your webproxy (By setting Intercepts on the WWW Proxy Service) gives you access to the proxy's policies. You can then define your policies there.

Secondly, you can have the same user in a policy multiple times with different types of rights granted. For example - if I want all my users to authenticate when visiting the entire web except for the Qbik webpages I would create two policies for the "Everyone" user.

The first would be:

Code:
Everyone: User must be authenticated


The second would be:

Code:
Everyone: User may be unknown
Advanced Filter + Criterion: Right is granted if HTTP URL contains "qbik.com"


For your setup
What you want to do is create a series of policies for the different users and groups that you have. The easiest way to do this would probably be to divide your users into two groups, those that have rights to go everywhere and those that have restricted access.

Then, you create two policies. One for the group "Restricted" which specifies which sites they are restricted in. Another for the group "Free" which does not specify anything.

The group your users belong to will determine which sites they can then visit. For this to work you will have to be able to associate a given session with a given user. This can be done by an assumption or by actually authenticating the user. (That's cover quite well in the helpfile)

However, one important thing to note is this:

Certain authentication schemas only give you an assumed status. HTTP Basic and most of the email-authentication schemas are treated as "Assumed". So, if you policies will require Authentication you should use a stronger form, such as Java Client, WGIC or NTLM.

Okay. Hope that helps. Post back if you need more.
Pascal
  • Pascal
  • Posts: 2623
  • Joined: Sep 08 03 8:19 pm
  • Location: Auckland, New Zealand
  • Website

Re: policies

Nov 11 04 1:01 pm

bench wrote:I have a laptop hooked up to a router and a pc with wingate server installed also hooked up to the router. I have tried to block access to the laptop but can't seem to be able to


Are you talking about basic networking access? (My Network Places)
Jens
  • Jens
  • Posts: 38
  • Joined: Jul 01 04 4:29 am

Default settings list

Apr 07 05 3:38 am

Is there a list of all the default settings to WG as they are after a new install before any configuration is done?
Pascal
  • Pascal
  • Posts: 2623
  • Joined: Sep 08 03 8:19 pm
  • Location: Auckland, New Zealand
  • Website

Apr 07 05 8:15 am

No, but if you tell me what OS you are using I can see if I can find a registry import. Do you want to revert your settings or are you after the default values of a specific item?
Post a reply
Switch to full style

Powered by phpBB © phpBB Group.

phpBB Mobile / SEO by Artodia.

Board index