Allow IP ranges through proxy
Jun 29 12 7:25 am
How do I allow requests for IP ranges through the proxy? I understand how to allow individual IPs through via the access rules, but I have about 20 subnets which need to be allowed and don't see an option to allow ranges. Thanks.
Re: Allow IP ranges through proxy
Jun 29 12 12:29 pm
What version of WinGate are you running? There is a check box that allows you to 'specify range' on the access rules 'where' tab.
I am running WinGate 7.2.2
I am running WinGate 7.2.2
- Attachments
-
- Specify IP range on a access rule
- range.JPG (27.48 KiB) Viewed 7437 times
Re: Allow IP ranges through proxy
Jun 30 12 5:03 am
I am running the latest version: 7.2.2.3416. That is a range of source IPs that you are referring to. I already have a subnet range I've set for my internal users to connect from, but they need to be able to get out to the network to multiple ranges of IPs on many different subnets.
I.E., I need 192.168.10.x/24 (all source IPs) to be able to get from their machines to 192.168.20.x/24, 192.168.30.x/24, 192.168.40.x/24, etc. The only way to do this would be to add 252 individual IPs from each subnet, I guess?
I.E., I need 192.168.10.x/24 (all source IPs) to be able to get from their machines to 192.168.20.x/24, 192.168.30.x/24, 192.168.40.x/24, etc. The only way to do this would be to add 252 individual IPs from each subnet, I guess?
Re: Allow IP ranges through proxy
Jul 02 12 10:56 pm
Hi
how are these client machines using WinGate to connect to the other computers?
E.g. are they being NATed, or just routed to the other networks?
It may be possible to solve this with just routing (route table entries).
Regards
Adrien
how are these client machines using WinGate to connect to the other computers?
E.g. are they being NATed, or just routed to the other networks?
It may be possible to solve this with just routing (route table entries).
Regards
Adrien
Re: Allow IP ranges through proxy
Jul 03 12 8:25 am
The client machines will be using the proxy to call websites on the subnets. Not all sites have DNS addresses on our local network, so it's easier to just call the IP for the website. So, additional to using the proxy to call, say, google.com they also need to be able to call http://192.168.3.x (let's say 100 different IP addresses on that subnet) as well as a few more on different subnets.
I can add http://192.168.3.4 to the proxy whitelist, but what if i need to add 192.168.3.4 through 192.168.3.125? Do I have to add 124 exceptions? I'd rather be able to add a range like the proxy allows me to do for client hosts.
I can add http://192.168.3.4 to the proxy whitelist, but what if i need to add 192.168.3.4 through 192.168.3.125? Do I have to add 124 exceptions? I'd rather be able to add a range like the proxy allows me to do for client hosts.
Re: Allow IP ranges through proxy
Jul 03 12 7:21 pm
Hi
I see the problem, it's not the entire subnet?
You'd be able to use flow-chart policy. Is there maybe some other way you can lock it down, or distinguish between allowed and non-allowed destinations.
Regards
Adrien
I see the problem, it's not the entire subnet?
You'd be able to use flow-chart policy. Is there maybe some other way you can lock it down, or distinguish between allowed and non-allowed destinations.
Regards
Adrien
Re: Allow IP ranges through proxy
Jul 04 12 2:52 am
Actually, yes, instead of relying on Wingate I created a domain policy with all the needed subnets as exceptions like 192.168.3.* and that seems to work. I think if Wingate could do this or had a more straightforward approach it would be optimal just so there is a single point for whitelist/exceptions.
Just in case anyone needs to do this in the future, the policy is: User Configuration -> Policies -> Windows Settings -> Internet Explorer Maintenance -> Connection -> Proxy Settings. Under Exceptions add any subnets needed with an asterisk and semi-colon separating them: 192.168.1.*;192.168.2.*;192.168.3.*
Just in case anyone needs to do this in the future, the policy is: User Configuration -> Policies -> Windows Settings -> Internet Explorer Maintenance -> Connection -> Proxy Settings. Under Exceptions add any subnets needed with an asterisk and semi-colon separating them: 192.168.1.*;192.168.2.*;192.168.3.*