Mixed mode environment setup


Postby RichardV » Jan 28 10 6:50 pm

I am testing WinGate as an alternative to MS IAS but have come up with a couple of issues.

Firstly the environment is as follows.
AD domain in main support office with IP range of 172.16.0.0 - 172.16.3.254
Some users in the AD will have restricted internet access (site specific allowed by Login ID)
Some users in the AD will be completely blocked from internet browsing (by login ID).
There will also be some users who have unrestricted web access but will still need to go via the proxy.

We also have 80+ remote sites that each have a vpn tunnel back to this support office. All web traffic is directed down this tunnel to be proxied.
These 80+ sites have address ranges of 192.168.xxx.yyy where xxx is a store ID. Each store is a standalone Windows workgroup environment. They have no AD connection.

What I need to do is restrict the websites the 80+ stores can go to by URL. They should not need to be asked for a username / password to browse the web and if they try to visit a restricted site (99.99% of all websites) they should be instantly blocked and not be asked for username etc.
Also I need to make sure that the 80+ store sites can access secure sites like https://www1.gotomeeting.com etc

Is this possible?

I only want to use the proxy option, i.e. set Internet Explorer or Firefox proxy settings to the WinGate server. The WinGate server then uses our main gateway to the web.

Can I restrict web access to certain sites using an IP range, e.g. 192.168.x.x, without needing login credentials being used?

Thanks in advance


Richard.
RichardV
 
Posts: 2
Joined: Jan 28 10 6:36 pm

Re: Mixed mode environment setup

Postby adrien » Feb 03 10 2:35 pm

Hi

What you've described is several levels of access control depending on client IP basically. Some users auth, some don't need to, and some shouldn't.

WinGate 6 policies can be defined to only grant to a range of IPs, so if you have some sites that everyone (no matter from where) can use, you can grant access to those from anywhere without auth. For sites that require auth, make that policy only apply to local LAN IPs.

So, e.g.

Policy 1 (Restricted LAN users)
User LocalRestrictedAccess (a group that allows restricted access to users based on ID). Must be authed
Location 172.16.*
Advanced: specify allowed sites, 1 filter and criterion for each site.

Policy 2 (Unrestricted LAN users)
User LocalUnRestrictedAccess (a group that allows unrestricted access to users based on ID). Must be authed
Location 172.16.*

Policy 3 (WAN users)
User everyone, can be unknown
Location: 192.168.*
Advanced: specify allowed sites. 1 filter and criterion for each site.

Keep in mind that WinGate 6 policies only grant access, not deny. A denial occurs when access is not granted.

WinGate 7 will do all of this for you, probably a lot easier, and it is much easier to set whitelists (which can be a bit tedious in WinGate 6) as well. If you'd like to try that, let me know.
adrien
Qbik Staff
 
Posts: 5448
Joined: Sep 03 03 2:54 pm
Location: Auckland
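
A small model of the grant-only logic described in the reply above, added here as an example; it is not code from the post and not WinGate's configuration syntax or engine. The user names, group memberships and the `intranet.example.com` allowlist entry are constructed assumptions; only the three policies, the IP wildcards and `www1.gotomeeting.com` come from the thread.

```python
from dataclasses import dataclass
from fnmatch import fnmatch
from typing import Optional, Tuple

@dataclass(frozen=True)
class Policy:
    name: str
    location: str                            # client IP wildcard, as in the post
    group: Optional[str] = None              # None = "everyone, can be unknown"
    sites: Optional[Tuple[str, ...]] = None  # None = any site, else allowlist

# Constructed directory data (hypothetical accounts): user -> groups.
GROUPS = {
    "alice": {"LocalRestrictedAccess"},
    "bob": {"LocalUnRestrictedAccess"},
    "carol": set(),                          # AD user in neither group
}

POLICIES = [
    Policy("Restricted LAN users", "172.16.*", "LocalRestrictedAccess",
           ("intranet.example.com",)),       # constructed allowlist entry
    Policy("Unrestricted LAN users", "172.16.*", "LocalUnRestrictedAccess"),
    Policy("WAN users", "192.168.*", None, ("www1.gotomeeting.com",)),
]

def grants(policy, client_ip, host, user):
    """True only if location, identity and site criteria all match."""
    if not fnmatch(client_ip, policy.location):
        return False
    if policy.group is not None:             # "must be authed" and in the group
        if user is None or policy.group not in GROUPS.get(user, set()):
            return False
    return policy.sites is None or host.lower() in policy.sites

def decide(client_ip, host, user=None):
    """Name of the first policy that grants, or None: no grant means denied."""
    for policy in POLICIES:
        if grants(policy, client_ip, host, user):
            return policy.name
    return None

if __name__ == "__main__":
    for req in [("192.168.12.7", "www1.gotomeeting.com", None),
                ("192.168.12.7", "example.org", None),
                ("172.16.1.20", "example.org", "alice"),
                ("172.16.1.21", "example.org", "bob"),
                ("172.16.1.22", "example.org", "carol")]:
        print(req, "->", decide(*req) or "DENIED (no policy grants)")
```

Because nothing in the model denies explicitly, a store address reaching an unlisted site and an AD user in neither group both fall through to denial, which is the default-deny behaviour the reply describes.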

Re: Mixed mode environment setup

Postby RichardV » Feb 04 10 11:19 am

Adrien,

Thanks for the reply.
Yes, I would like to try v7 if it's available to use white lists.
When will the release date be?

Regards

Richard.
RichardV
 
Posts: 2
Joined: Jan 28 10 6:36 pm

