Wingate and Puresight doesn't work in Active Directory 2003

[daxyaphw]

Hi Qbik Engineer,

1) I have root domain server with AD and DNS server. The Wingate server is the member of the domains. Both of them in different server.
I have followed the knowledgebase information how to configure Wingate in AD which my primary windows domain are forwarding to Wingate server which wingate server dns forwarding to my external DNS. All clients are able to access internet but in Wingate activity tab, all user are registered as WG user instead of domain user. Please help

2) As I have Puresight plug-in, do I need to assign user policies in WWW proxy server services as I did it in puresight. Please advise. TQ

Best regards,
Dax
daxyaphw@yahoo.com

[Pascal]

From your previous posts I'm not sure which version you are using. Is it 5.x or 6.x?

1. User problem

I'm going to assume it's 6.x and carry on from there. However, if it is a version 5.x installation, check what your Database Useage is set to. 5.x could run in a mixed mode, which would allow either WinGate or OS user accounts to be used. This (Rather long URL)
http://support.qbik.com/index.php?_a=kn ... %3C%2Fa%3E
provides the information regarding login for AD.

For version 6. Firstly, the WinGate Service must be logged in as a user that has rights to the AD as well. This is required for WinGate to be able to enumerate groups properly.

With the DNS Setup be careful not to setup a loop. It does not sound as if that has happened in your setup - but if it does, you can exclude the AD Server from being available as an external DNS Server using Advanced Options (On the Start Menu)

2. PureSight Question
In PureSight you are not setting up policies. You are enabling the plugin for specific users. For example, you might not want to filter Administrators. Then you would exclude them from the plugin.

So, if you want access policies (Not Plugin useage policies) you still need to apply those in the WWW Proxy Server.

[daxyaphw]

Hi Pascal,

I'm using version 6.

1)I don't understand the exclude the AD Server from being available as an external DNS Server using Advanced Options (On the Start Menu).

2)I have double check the Puresight. I have set policies in puresight but not in www proxy server service...but how come i can still access WWW from workstation. Please advise. TQ

Best regards,
Dax

[Pascal]

If your AD Server forwards requests to Wingate; but WinGate has knowledge of your AD Server as a potential DNS Server they could begin looping. This would normally only happen when your normal DNS Server is deemed to be unresponsive, etc. The safest option is then to run "Advanced Options" from the WinGate Start Menu Folder, switch to the DNS Tab and prevent your AD Server from being used as a DNS Server. (For normal, Internet related lookups) Kevin's a good person to ask about this - he has the most experience with WinGate and AD setups.

As for the Plugins and Proxy policies. There is a distinction between Policies in the WWW Proxy Service and Users in the Plugin.

You use the Policies in the WWW Proxy Service to control user access to the Internet. (Allowed / not allowed, etc.)

You use the User Configuration in the plugin to determine which users the content filtering plugin will be applied to. If the content filtering plugin is not applied to a user, they can still get Internet access. In fact, they have MORE unrestricted access than a user the plugin does apply to.

[daxyaphw]

Thank you very much Pascal. It is working..Splendid. Thanks again.

Cheers,
Dax

[daxyaphw]

Thank you very much Pascal. It is working..Splendid. Thanks again.

Cheers,
Dax