WinGate Forums

[MSill]

Hi,

we are using wingate 6.6.3 (1321) with the wingate internal user database. we are using wingate since many years and all of the 450 users are assumed by ip-address.
Now the time is coming, that i must change the wingate internal user database to the rmote user database (active directory).
in test period i setup a vmware w2k3 server with wingate 6.6.3 and import my actual (wingate internal) user database.
i changed the database to the remote (AD) database.
now i tested the internet connection with a (AD-)group of some users. I use in the www-proxy (services) the NTLM and "user must be authenticated" for this group.
what kind of employments must be set to the system policys (user tab), so that only the users from the www-proxy can use the internet? I hope u are understanding what i want?!

www-proxy -> group "A" with users A1, A2 and A3 using the NTLM-option and the "user must be authenticated"
system-policy -> ???

I have another question. Can i use the NTLM-option and the "assumed user by IP"-option at the same time? We have any computers and other hardware with no AD-Account.
Which is the best way to give these computers the internet-access over wingate. Is there a priority (assumed / NTLM)? I have tested these situation, but anytime i add a
"assumed" IP, i got an error by authentication?!

So i hope u can help me.
sorry for my bad english.

greetings from germany

[logan]

what kind of employments must be set to the system policys (user tab), so that only the users from the www-proxy can use the internet? I hope u are understanding what i want?!

I am having a bit of trouble understanding. Do you want to configure WinGate so that the WWW Proxy is the only useable proxy service?

WinGate's policies are granting policies, so removing all policies from the System Policies will effectively deny everyone access. Then you can use the WWW Proxy service policies to grant access for the WWW Proxy only.

You can also delete or disable services that you don't need.

Can i use the NTLM-option and the "assumed user by IP"-option at the same time?

You can use both at the same time, yes. When making policies, you are given the option to allow assumed users (User may be assumed), or require authentication (user must be authenticated). If a policy grants access for assumed users, then those users that are assumed by IP will not be granted access without being prompted for authentication. If the policy requires that users be authenticated, then access will not be granted for users assumed by IP. Those users will be prompted for authentication as a result.

So make sure that any policies you create for the IP assumed users are configure so the Users may be assumed, and you won't have any problems with authentication.

[MSill]

You can use both at the same time, yes. When making policies, you are given the option to allow assumed users (User may be assumed), or require authentication (user must be authenticated). If a policy grants access for assumed users, then those users that are assumed by IP will not be granted access without being prompted for authentication. If the policy requires that users be authenticated, then access will not be granted for users assumed by IP. Those users will be prompted for authentication as a result.

So make sure that any policies you create for the IP assumed users are configure so the Users may be assumed, and you won't have any problems with authentication.

THX for your response. I make it happen and it works fine. :-)

I am having a bit of trouble understanding. Do you want to configure WinGate so that the WWW Proxy is the only useable proxy service?

not really. I use some proxys like ftp, ssl or some other selfmade proxys in Wingate. I have also some System Policies in use.
I taste some different ways and i have found the best for my situation. Now i have just another problem.
In our government all Internet connections are made by Authorisation (NTLM or Assumed IP). This works fine.
Now it is necessary, that all Users (not only the authenticated and assumed users) in our government grant a right to open a hand full of Websites without a Authentication by Wingate
What is the best way to do this? I have taste it with a additional system policy: everyone/User may be unknown/by request and a
separated WWW Proxy Service. In the Proxy i have made: no Authentication /everyone / User may be unknown / System policies must also be granted

But it doesn't work correctly. Sometimes wingate says "Access Denied", sometimes the specialy Website was open but not complete (any pics and graphics
will not be opened). But all the pics who was not opened, are hosted on the same server as the website itself. A Reload of the Website brings not really a different view (Access denied or not complete loaded Website).
What is the problem?? When i open a website that is not allowed by request, then Wingate says Access Denied. But when i reload this Website sometimes, the Website was loaded!!
Sorry, i don't understand this situation. Pleas help me!