Over the years I've used the following scenario for connections through Wingate: assumed users by ip address and computer name; connection via proxy, authentication required (java login) for certain users as defined in www policy, and trapping of port 80 requests coming through Extended Networking. I like to keep Extended Networking enabled to take care of TCP/UDP requests for NTP, windows update, etc. In Extended Networking policy, I have checked that certain users must be authenticated, however, I can't see much difference with that requirement since requests seem to go through regardless.
The above setup works well internally in my building. The problem that I'm seeing recently, is that outside the building on the campus, people are successfully connecting to the network on their iPhones, etc. and getting out via Extended Networking. Of course http requests are blocked by the www authentication requirement in WWW policy.
Can you suggest any setup change, particularly to extended networking? Of course the better solution would be for me to secure my APs. However, to do that I will need to purchase some new hardware because of the age of my current units.
Thanks, James
Assumed Users and Authentication for Extended Networking
Moderator: Qbik Staff
3 posts
• Page 1 of 1
Assumed Users and Authentication for Extended Networking
by DrWho » Jul 29 09 6:09 am
- DrWho
- Posts: 20
- Joined: Jul 04 08 6:16 am
Re: Assumed Users and Authentication for Extended Networking
by logan » Jul 30 09 7:18 pm
Hi James,
Can you describe your current ENS policy configuration for the forum?
From what I understand about your scenario, I believe the following ENS policy configuration will work.
1. Delete any existing policies from ENS and set the default rights option to are ignored
2. Create an everyone policy that requires authentication
3. Create a second everyone policy that does not require authentication, but restrict access to specific ports using the Advanced tab
e.g.
Filter 1
- This criterion is met if server port equals 123
Filter 2
- This criterion is met if server port equals 53
Filter 3
etc ...
This will result in all users being required to authenticate, unless the port is a sanctioned port such as NTP or DNS, etc. The users will not need to be authenticated to access these ports.
Can you describe your current ENS policy configuration for the forum?
From what I understand about your scenario, I believe the following ENS policy configuration will work.
1. Delete any existing policies from ENS and set the default rights option to are ignored
2. Create an everyone policy that requires authentication
3. Create a second everyone policy that does not require authentication, but restrict access to specific ports using the Advanced tab
e.g.
Filter 1
- This criterion is met if server port equals 123
Filter 2
- This criterion is met if server port equals 53
Filter 3
etc ...
This will result in all users being required to authenticate, unless the port is a sanctioned port such as NTP or DNS, etc. The users will not need to be authenticated to access these ports.
- logan
- Qbik Staff
- Posts: 671
- Joined: Oct 19 06 2:49 pm
- Location: Auckland, New Zealand
Re: Assumed Users and Authentication for Extended Networking
by DrWho » Aug 06 09 9:56 am
Hi Logan,
Yes, the strategy you described works perfectly. I should have been able to figure it out on my own since it's the same approach that you helped me with to set up a "white list" for my www ban policy. (Duh!)
I was able to customize it for a specific user, instead of everyone, since this fits my need better. And I am able to combine the "user must be authenticated" policy with a ban list to prevent access to certain sites through ENS even if the user is authenticated.
Thanks for your help.
James
Yes, the strategy you described works perfectly. I should have been able to figure it out on my own since it's the same approach that you helped me with to set up a "white list" for my www ban policy. (Duh!)
I was able to customize it for a specific user, instead of everyone, since this fits my need better. And I am able to combine the "user must be authenticated" policy with a ban list to prevent access to certain sites through ENS even if the user is authenticated.
Thanks for your help.
James
- DrWho
- Posts: 20
- Joined: Jul 04 08 6:16 am
3 posts
• Page 1 of 1
Who is online
Users browsing this forum: No registered users and 2 guests