WRS time restriction not enforced if TR enabled

WinGate Proxy Server and other Qbik products

Switch to full style
Use this forum to post questions relating to WinGate, feature requests, technical or configuration problems
Post a reply
ChrisH
  • ChrisH
  • Posts: 388
  • Joined: Sep 13 03 1:38 am
  • Location: Canada

WRS time restriction not enforced if TR enabled

Nov 19 03 3:46 am

Hello,

My clients connect through and authenticate by WGIC. I use TR on WWW and POP3 Proxy. I have one client I want to restrict by time. My thought was that I would apply time restriction to WRS thereby not letting access through, but with TR enabled this doesn't happen. Is this by design? Does it have to be this way? Can't I have my cake and eat it too? I guess I am looking only to change one policy rather than two or more to achieve time restriction. I know that my coffee level today is somewhat lower than normal and perhaps the gray matter is not quite up to speed yet ... am I missing something? TIA
labull
  • labull
  • Posts: 710
  • Joined: Sep 06 03 1:03 am
  • Location: Washington, DC - USA

Nov 19 03 5:21 am

Chris,

Session Tab sez - "Redirect ENS and WGIC sessions".

My guess is that it grabs the packet before it gets to NAT or WRS and sends it to the proxy.

Larry
Last edited by labull on Nov 19 03 9:11 am, edited 1 time in total.
ChrisH
  • ChrisH
  • Posts: 388
  • Joined: Sep 13 03 1:38 am
  • Location: Canada

Nov 19 03 9:08 am

Larry,

Ya, I tend to agree with you but traffic stops until client authenticates at WRS. My logic is if WRS has stopped packet waiting for authentication because it is part of WRS policy then it should "honour" the other WRS policies, but it seems if TR is enabled on WWW proxy, WRS just sends it on - doesn't check the rest of WRS policies.

This is setup I have in case this is confusing. WIN98 client, WGIC 5.1 to XP WG 5.1 server, WRS policies - user must be authenticated and a time restriction. WWW proxy, TR enabled, user can be assumed. So in this setup when client uses IE they are required to authenticate but then are able to browse. Turn off TR and policy is enforced - client unable to browse. In fact all other WRS policies are then enforced. BTW I think I uncovered a slight issue when trying this all out. If TR is not enabled and a WRS Ban List policy - "Client application name contains iexplore" is set, this Ban list policy is not followed, but if same policy is set to "NOT client application name contains iexplore" then IE is not allowed which is backwards to my way of thinking. Oh, but I'm on the other side of the world from NZ and things are sometimes reversed from Northern to Southern Hemisphere :)

Anyway, IMHO I think all WRS policies should be met before moving packet on, but maybe there is something else going on.
labull
  • labull
  • Posts: 710
  • Joined: Sep 06 03 1:03 am
  • Location: Washington, DC - USA

Nov 19 03 9:20 am

Chris

other side of the world from NZ and things are sometimes reversed from Northern to Southern Hemisphere


Yeah, must be difficult for them to be upside down all the time.

The when & where of policy enforcement does seem to be rather confused.

Larry
Post a reply
Switch to full style

Powered by phpBB © phpBB Group.

phpBB Mobile / SEO by Artodia.

Board index