I am having problem with my wingate setting. I am using the assumed user authentication type. But i have some web server need to be access fr internet. When i apply the setting it caused the internet user unable to login my internal web server. I have follow the below instruction:
" If you have servers on your network that are accessible from clients on the internet (e.g. web server / RDP / VNC etc...), then those internet clients will connect to WinGate as Guests unless you authenticate them first (which is not practical in some cases). So you may need to create a policy for the Guest user in ENS and put a policy in the Advanced tab that your local network users cannot use the Guest account; i.e. This criterion is NOT met if Client IP address Begins with 192.168.0.* (Presuming your LAN Clients are on that Subnet) "
But still not work.
Am i missing out something?
Wingate Config
Moderator: Qbik Staff
6 posts
• Page 1 of 1
by jamesc » Dec 28 06 5:31 pm
1. Check how ENS's policies are interacting with the default rights.
2. Confirm the guest account is enabled.
3. Confirm you used the "NOT" when you created the criterion
This criterion is NOT met if Client IP address Begins with 192.168.0.*
*and you would not need the * at the end of 192.168.0. - I will edit that other post.
**and I presume you put your subnet in.
4. When you are using the port redirection in ENS, confirm that you are using the "Don't translate source ip" option; as shown in the below image that is not specific to this forum post.
5. And don't forget about WinGate's reverse proxy or other options as an alternative (Version 6.2.0)
WinGate help file --> WinGate Services --> WinGate User Services --> WWW Proxy Server --> Web Server
2. Confirm the guest account is enabled.
3. Confirm you used the "NOT" when you created the criterion
This criterion is NOT met if Client IP address Begins with 192.168.0.*
*and you would not need the * at the end of 192.168.0. - I will edit that other post.
**and I presume you put your subnet in.
4. When you are using the port redirection in ENS, confirm that you are using the "Don't translate source ip" option; as shown in the below image that is not specific to this forum post.
5. And don't forget about WinGate's reverse proxy or other options as an alternative (Version 6.2.0)
WinGate help file --> WinGate Services --> WinGate User Services --> WWW Proxy Server --> Web Server
- jamesc
- Qbik Staff
- Posts: 928
- Joined: Apr 04 05 2:04 pm
- Location: Auckland, New Zealand
by jamesc » Dec 28 06 6:34 pm
And, if you do not do option 5:
6. Confirm that the WinGate server has detected your network cards / modem correctly for firewall and connectivity purposes. The network card / modem pointing towards the internet should be set as EXTERNAL in WinGate, and the network card pointing towards your LAN is marked as INTERNAL. FYI: If you only have one network card, and it has a default gateway set to a hardware router with a firewall, then you can set it as INTERNAL in WinGate; WinGate can do single network card NAT.
7. Confirm the Webserver has a default gateway set. To check for NAT and DNS connectivity you could do the following; the format below is domain name, and then the equivalent ip address:
(Windows) Start menu --> Run --> cmd --> ping www.wingate.com
(Windows) Start menu --> Run --> cmd --> ping 210.55.214.36
(Windows) Start menu --> Run --> cmd --> ping www.google.com
(Windows) Start menu --> Run --> cmd --> ping 66.102.7.99
8. On the Web Server, the Windows Firewall is best disabled in the Windows Services for the sake of testing if you deem it safe, and any other security suites.
Correction from last post:
3. Confirm you used the "NOT" when you created the criterion **as well as "Begins with"**
This criterion is NOT met if Client IP address BEGINS WITH 192.168.0.*
*and you would not need the * at the end of 192.168.0. - I will edit that other post.
**and I presume you put your subnet in.
6. Confirm that the WinGate server has detected your network cards / modem correctly for firewall and connectivity purposes. The network card / modem pointing towards the internet should be set as EXTERNAL in WinGate, and the network card pointing towards your LAN is marked as INTERNAL. FYI: If you only have one network card, and it has a default gateway set to a hardware router with a firewall, then you can set it as INTERNAL in WinGate; WinGate can do single network card NAT.
7. Confirm the Webserver has a default gateway set. To check for NAT and DNS connectivity you could do the following; the format below is domain name, and then the equivalent ip address:
(Windows) Start menu --> Run --> cmd --> ping www.wingate.com
(Windows) Start menu --> Run --> cmd --> ping 210.55.214.36
(Windows) Start menu --> Run --> cmd --> ping www.google.com
(Windows) Start menu --> Run --> cmd --> ping 66.102.7.99
8. On the Web Server, the Windows Firewall is best disabled in the Windows Services for the sake of testing if you deem it safe, and any other security suites.
Correction from last post:
3. Confirm you used the "NOT" when you created the criterion **as well as "Begins with"**
This criterion is NOT met if Client IP address BEGINS WITH 192.168.0.*
*and you would not need the * at the end of 192.168.0. - I will edit that other post.
**and I presume you put your subnet in.
- jamesc
- Qbik Staff
- Posts: 928
- Joined: Apr 04 05 2:04 pm
- Location: Auckland, New Zealand
by csneo » Jan 02 07 6:58 pm
Good day,
Right now i am having problem with the Ban List. The rules i set in ban list it seems doesn't work for user using NAT. It only work for user using proxy. For the IP without assumed it work , but for IP i have assumed it doesn't work.
Right now i am having problem with the Ban List. The rules i set in ban list it seems doesn't work for user using NAT. It only work for user using proxy. For the IP without assumed it work , but for IP i have assumed it doesn't work.
- csneo
- Posts: 11
- Joined: Jun 13 06 10:33 pm
6 posts
• Page 1 of 1
Who is online
Users browsing this forum: No registered users and 12 guests