WinGate Forums

[mfdarvesh]

I am using Wingate on Windows 2003 Server with Domain Controller on the Same Machine.
Internet is working on client through DHCP of Windows Server. It is possible to change
default user of Wingate "Guest" to the user that is login on the Domain. If I disable Guest account
wingate stop working, any solution.

Moreover, Activity window only display NAT TCP connection, and don't show the actual webpage which
is loaded, is there any option to show full URL instead of NAT TCP and IP address?

[logan]

To see HTTP URLs in GateKeepers activity tab:
- GateKeeper -> Services -> WWW Proxy Server -> Sessions
- Enable "Intercept connections made via ENS"
- Add port 80 to the list

To let users authenticate themselves, enable NTLM authentication on the WWW Proxy
- GateKeeper -> Services -> WWW Proxy Server -> General
- Check "NTLM"

[mfdarvesh]

Thanks, it works, again a little question, is it possible to allow internet to only those people who belong to certain group of users, not all?

[logan]

Yes, you can use policy to do that. Here's a quick guide to help you get started.

GateKeeper -> Services -> WWW Proxy -> Policies
- Remove and policies that currently exist.
- Change the default rights from 'may be used instead' to ' are ignored'.
- Click Add to make a new policy.
- Under the recipient tab, choose 'Specify user or group' and select the group that you want to grant internet access to.
- Choose an authentication level. I recommend 'User must be authenticated' when using NTLM authentication.
- Click OK then OK to make the change.

Only users from the group that you selected will be allowed to use the WWW Proxy.

[mfdarvesh]

Thanks logan again, really a great help,

Now may I assume that all users who are not logged on Domain are not able to
use Internet, after implementing above schema?

[logan]

Now may I assume that all users who are not logged on Domain are not able to
use Internet, after implementing above schema?

You can assume that would be the case, but the best way to find out is by logging on to a client computer using a user account that should not be granted internet access by WinGate. Then you will be able to know exactly how the changes are effecting your users.

[mfdarvesh]

Thanks, it works, if you are kind enough to me, please tell me how to block torrent client like Utorrent on clients?

[logan]

Ooo golly, that's a REALLY difficult question, because torrents have no standard way of communicating. The port is random and can be changed at the snap of a finger. And the downloads come from other users on the p2p network rather than a centrally identifiable server. Therefore, I know of only three ways to help eliminate the problem.

1. Using the WWW Proxy policies, block all URL's ending with '.torrent' as this is the format of the files which tell the torrent client how to start the download. Without the torrent file, the download cannot be started.

2. Under Extended Networking -> Port Security, change the default action for the 'client computers to the internet' zone to 'deny', then allow only particular ports that you deem fit. This will prevent the clients from making connections to any ports other than the ports you specify.

3. If you have an Enterprise license, you can use the WinGate Internet Client and central policies to prevent the uTorrent clients from connecting to the Internet. The WGIC is an application level connection method and has the ability to do this easily.