Use this forum to post questions relating to WinGate, feature requests, technical or configuration problems
Jun 21 04 8:07 pm
Hi,
I am trying to implement Internet authentication via Wingate 5.2.3 and am having trouble with the Wingate Internet client on XP.
Is there any way of stopping the many applications that access the Internet from doing so other than entering them all in the Internet Client Applet?
For example I have an XP client that when it boots 3 applications try to access the internet.
inetinfo.exe
win32sl.exe
msgsys.exe
Because it is unable to authenticate the boot hangs.
I could enter each one in the applet, but we have 30 clients I want install the WGIC on and I already have to add a number to the applet (Symantec rtvscan.exe,etc).
After I terminate the sessions in Gatekeeper the system boots, but then I get a logon box when I run Word 2000?
I almost think it should go the other way. Let these apps access the net and disallow all others.
I should also ad, because of a legacy system we run a public IP address range on our internal network. Is that any thing to do with the problem?
Any suggestions?
Thanks,
Michael
Jun 22 04 9:12 am
Hi Michael
You are right, in that since your local network is numered with Public IP addresses WinGate will find it hard to distinguish what is local traffic and what is external public traffic.
The classification of IP addresses on its network interfaces (Public versus Private IP addresses) is vital to how WinGate will handle and bind the interfaces to its services etc.
For more information on how this happens you can read our knowledgebase article on Public versus Private Ip addresses in WinGate
here:
http://support.qbik.com/index.php?_a=kn ... ubcat&_i=1.
This is probably the reason why you are seeing Internet requests for applications that are usually local on the client machines.
Have a read of the article and let us know how you get on.
Regards
Erwin
Jun 22 04 10:41 am
Hi Erwin,
Thanks for the quick reply. I had read that article and suspected it might be the cause. I had set our IP range on the server to Public:No Trusted:Yes and before testing authentication had little problems.
Is there a way to do the same for the client?
Given it is a huge job for us to change IP range, is WGIC the best authentication method to use?
Thanks,
Michael
Jun 22 04 1:01 pm
Hi Michael
In your scenario where you need to have a public Ip addressing scheme I probably would suggest having users authenticate via GateKeeper method.
The WinGate Internet Client is designed to catch all applications that make WinSock calls on the client machine and redirect them to the WinGate server where inturn they are redirected where neccessary (either the Internet or to another machine if deemed local).
As we have established this is made somewhat tricky by the LAN use of public ip addresses, this will be where the hassle of all apps requring auth your finding comes in to play.
If you have your users log into WinGate by using a copy of the GateKeeper.exe from the WinGate server, it can be used as a mechanism to authenticate users (and therefore be controlled by service policies in WinGate) before they try and use any Internet application they might have on their machine.
There is an article on how to do this in the helpfile and in our knowledgebase.
Alternatively if you simply want users authenticated before using IE then there is the option of using Java login.
Hope this helps
Regards
Erwin [/u]
Jun 22 04 3:02 pm
It does, thanks.
Willl have a look at using gatekeeper, but will probably use the Java App for WWW and open up the other services.
Thanks,
Michael
Powered by phpBB © phpBB Group.
phpBB Mobile / SEO by Artodia.