Use this forum to post questions relating to WinGate, feature requests, technical or configuration problems
Apr 20 06 3:08 pm
Hi,
I am using WinGate 6.1.1 on Windows 2003 with service packs. I have an Active Directory environment. WinGate uses AD authentication as well.
A bit of my architecture
I have a subnetwork/domain built for training purposes (not a child domain) but on the same forest. This network is built and maintained by a separate team. From what has been made available to me, it seems they (the training domain) have configured a Windows 2003 router to connect to the main domain. Internet is working fine, no problems there. The users of the training domain have user names and passwords for the main domain as well. They log into the training domain using the training domain user name and password. If they have to browse the Internet, as soon as they open Explorer it will ask for the main domain user name and password. This works fine for us.
The problem -
The problem is that when I check the Internet usage, all the communications from the training domain are coming through one access point, the router (this is fine for us), but all the traffic from that router is accounted to one user ID, which changes randomly. (I haven't figured out how this change is happening.) I have reporting software that I use to send the report to management about the auditing of Internet usage by various levels of people and trainees. I didn't notice this fact till last week. I didn't have any rogue users from my training domain till now. Usually the maximum usage is from the main domain. I don't want to victimise anybody wrongly for unfair Internet traffic, even later.
Questions -
How can I overcome this? Is there any way to split up traffic from each computer and show individual users? Or, the other way, on the same gateway entry, is there any way to split up the users' individual traffic to their own corresponding usernames? Any other way to get around this will also be fine.
Thanks
Apr 20 06 3:46 pm
Hi
So the traffic from a whole subnet is showing in WinGate as coming from the same IP address?
If this is the case, sounds like the 2003 router is performing address translation.
This shouldn't be necessary. With the correct routing setup, it should be possible to have the traffic from this subnet routed through to WinGate, so that WinGate will see the individual IP addresses of each machine, and therefore you can track traffic individually from them.
I can imagine if you have authentication required on WinGate, then the first person to come along will need to auth, which then will be used for all subsequent traffic until there is no traffic for a while.
Adrien
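A simplified model of the behaviour described in the reply above, added here as an illustration and not taken from the thread or from WinGate's code: a proxy that ties a login to the source IP, fed the same traffic once routed and once through a translating router. The idle timeout, addresses, user names and byte counts are constructed assumptions, and each machine is assumed to have one user.

```python
from dataclasses import dataclass

IDLE_TIMEOUT = 300  # seconds; assumed value, not a documented WinGate setting

@dataclass
class Session:
    user: str
    last_seen: int

def attribute(requests, nat_ip=None, idle_timeout=IDLE_TIMEOUT):
    """Bytes accounted per user by a proxy that ties a login to the source IP.

    requests: (time, client_ip, real_user, nbytes) tuples in time order.
    nat_ip:   if set, the proxy sees every request as coming from this address.
    """
    sessions, usage = {}, {}
    for t, ip, real_user, nbytes in requests:
        seen_ip = nat_ip or ip
        s = sessions.get(seen_ip)
        if s is None or t - s.last_seen > idle_timeout:
            # No live session for this address: the proxy prompts, and whoever
            # is browsing at that moment authenticates.
            s = sessions[seen_ip] = Session(real_user, t)
        s.last_seen = t
        usage[s.user] = usage.get(s.user, 0) + nbytes
    return usage

def accounting_error(requests, nat_ip):
    """Per-user difference between bytes accounted behind NAT and bytes used."""
    actual = attribute(requests)        # proxy sees each client address
    seen = attribute(requests, nat_ip)  # proxy sees only the router
    users = sorted(set(actual) | set(seen))
    return {u: seen.get(u, 0) - actual.get(u, 0) for u in users}

# Constructed sample traffic from three training-subnet machines.
REQUESTS = [
    (0,   "10.0.2.11", "alice", 100),
    (60,  "10.0.2.12", "bob",   5000),
    (120, "10.0.2.13", "carol", 200),
    (900, "10.0.2.12", "bob",   3000),  # arrives after the idle gap
    (930, "10.0.2.11", "alice", 50),
]
ROUTER_IP = "10.0.1.2"  # constructed address of the translating router

if __name__ == "__main__":
    print("routed:", attribute(REQUESTS))
    print("NATed: ", attribute(REQUESTS, ROUTER_IP))
    print("error: ", accounting_error(REQUESTS, ROUTER_IP))
```

In the translated case the accounted user changes whenever the shared session idles out, which matches the "user ID which changes randomly" symptom, and one user never appears in the report at all.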
Apr 20 06 4:58 pm
Thanks Adrien,
Yes, the traffic is coming from the same IP address. I am pretty sure that the 2003 server will be doing address translation.
How do I go about correcting this problem? I just managed to find out that this particular setting was used to harden security from the training domain. Many rogue programs as well as "administrators" were among the main reasons. The physical cabling is separate (well, almost) as well.
If I change the routing on each machine, will it affect any of the other security that I have? Is there any other way of getting around this problem? Oh, btw, I am using "Internet Access Monitor" for my reporting purposes.
Thanks
Apr 20 06 5:18 pm
Basically I presume all the machines on that subnet have the IP address of the 2003 server as their default gateway.
So all you should need to do is add a route on the WinGate machine that says that that subnet is available back through the 2003 machine (on its interface that is on the same subnet as WinGate).
Then turn off address translation in the 2003 server, so that it just routes.
Otherwise, if all the machines are using is something like HTTP, you could just enter the IP of the 2003 server into the multi-user machine settings in WinGate - you need an enterprise license for this though. Then all users will need to individually authenticate.
Adrien
Apr 21 06 12:36 pm
Thanks Adrien,
I will try this and reply back.
Regards
May 01 06 1:01 pm
Adrien,
I am making some changes on my network. A bit of the network structure may change, so I am planning to wait until this restructuring happens to see the effect.
I have got another strange problem on my WinGate server, which is being used as a mail server as well.
I have configured everything, mailboxes which are Active Directory users as well. I have configured POP3 collection, distribution, and the POP3 server as well. The web interface is provided by another package which links to WinGate.
I was having problems with WinGate not responding, not collecting emails, etc. constantly on one of my installations. I reinstalled it and configured everything. I was using this installation to collect emails as well. I sorted out all the other problems except one.
Here is the problem: when I ask WinGate to collect my emails (POP3 Collection), it comes up with a strange error on the history panel.
"POP3 Collection: Unhandled error :processing server data". Checked through the logs, nothing.
I am wondering where it's wrong. I have double-checked the username, ports and passwords. Everything seems all right.
Anything that can throw light on this situation will be helpful.
Regards
May 01 06 3:36 pm
Hi
That log entry happens when the POP3 client throws an exception in its mail processing, usually when it is parsing an email.
Some malformed emails / spams are deliberately crafted to break anti-spam parsers. Looks like one of these may be breaking the parsing we do for POP3 collection.
Is it always doing it on the same email on the same account?
Adrien
May 03 06 4:55 pm
Adrien,
I did go through the logs of my previous system admin. I came to know that the WinGate POP3 collection never worked. He was using a third-party utility to get the work done.
I don't think it's just the mail parser. If it was, it should have worked when we tested with no mails. I did try sending a test mail to myself and tried retrieving it using the POP3 collection, but got the same error message. I tested with only one single email (sent to myself by me through a webmail interface) as well, and the results were the same. I tried collecting mails from different domains as well; all of them gave the same result.
Anyway, for the time being I have got around the problem by using the same third-party software. Works neatly!!!
I would definitely love to get rid of that third-party software, as it's clogging my mail server's memory. If you have any solutions or anything to be tried, let me know. Will do it.
One additional question: how do I cascade proxies?
I have purchased one more license for WinGate and have brought online one more proxy for my organisation. I have one line directly linked to the Internet on that machine. I need a failover connection that should point to one of my existing proxies. Is this possible?
Regards