WinGate Forums

[Glukagon]

Hi.

I'm investigating how I could setup and use WinGate in a somewhat special network. I have this afternoon downloaded, installed, and tested a trial version of WinGate. After that I have got some questions but before I will go ahead with asking them I will try to briefly explain the network or environment where I want to put a few WinGates in production.

We are running a kind of dynamic customer support center (CSC) from which we amongst other things do remote management of customer located servers. In our CSC we have LANs where our support technicians are residing with their computers. We also have access from the Internet to some of these LANs via a Citrix Secure Gateway that some of our support technicians and a bunch of contracted specialists could use to reach our CSC. From the LANs in the CSC we have IP access to our customers networks via for example leased lines and site-to-site VPNs.

We have during the years accomplished quite a high level of security with respect to what a certain support technician at a specific time could be able to access at our customers. We also have integrated a few single sign-on systems (SSO-systems) so that the support technicians rarely need to logon manually to the managed servers. We have all our technicians user data and all the policies (black lists, white lists, service schedules, etc) in one centralized directory.

We have a group of administrators constantly changing user data and policies via this centralized directory. When data changes or are triggered by schedules in the directory we have created integrations that automatically distribute the changes in appropriate formats and reconfigures our firewalls, SSO-systems, etc.

We are in the process of rebuilding our LANs. We are aiming to reduce the amount of physical firewalls/routers and to get as many of our own servers to be virtual as possible. In this scenario we have seen that a product like WinGate could be really useful. Now to my questions:

Is there an easy way to integrate against the WinGate server via scripting or something similar to be able to automatically add/enable/disable users and to add/remove service policies for users?

Since it is possible to remote connect to WinGate via the GateKeeper GUI client I thought it could be a good idea to have a similar GateKeeper command line client that one could use for scripting. Perhaps there is one?

I investigated a little bit about how the users and the policies were stored in the Windows Registry. Is it possible to do an integration by adding/changing/deleting registry entries externally that is automatically being picked up by the WinGate server?


Thanks in advance.

[logan]

Is there an easy way to integrate against the WinGate server via scripting or something similar to be able to automatically add/enable/disable users and to add/remove service policies for users?

For adding/enabling/disabling users, you can employ the telnet administration interface which should be relatively easy to script for. As for modifying policy, that can't be scripted in WG6.
WinGate 7 on the other hand may provide what you need as far as changing policy on the fly is concerned. If you'd like to find out more about WG7 and how it could help in your scenario, drop me an email. logan at qbik com. The scenario has me intrigued so I will be happy to help out.

Since it is possible to remote connect to WinGate via the GateKeeper GUI client I thought it could be a good idea to have a similar GateKeeper command line client that one could use for scripting. Perhaps there is one?

Yup, the telnet interface. It's pretty basic though. The telnet admin interface is accessed through the telnet proxy service.

I investigated a little bit about how the users and the policies were stored in the Windows Registry. Is it possible to do an integration by adding/changing/deleting registry entries externally that is automatically being picked up by the WinGate server?

That is another way of doing things. You'd just need to figure out the layout of the registry and you can drop an email past support at qbik com to get help with that. The only problem with making changes directly in the registry is that the WG engine must be restarted so that it picks up the changes.