I am using version 8.2.5.4733 to control access to the internet. We have a fairly large group and everyone seems to want to jump onto our wifi and internet with their cell phones etc. Once I tell those users who are allowed what the wifi password is, it quickly spreads across the plant. We also found a few users who were allowed to use the internet visiting sites that were ... let's just say inappropriate for a business. In trying to implement a system to only allow users that had a domain account access to the internet, I'm getting mixed results. There is one thing that I require though, and that is when we have customers visit, they do need access to the internet. So, I've created a UN/PS on the domain for them to use. I'm also trying to make this "transparent" so that I don't have to configure all their computers to use our proxy. The perfect scenario that I'm looking for would be if you have a domain account .. you have access .. if you don't have a domain account then upon trying to get on the internet redirect to an "internal" webpage stating the rules and a log in option. Then users can attempt to log in with the UN/PS that I created, then they are allowed on the internet.
1.) Here's what I have done. I've restricted all access to ports 80 and 443 on our Cisco firewall to only accept traffic from the Wingate PC.
2.) I have configured intercepting connections on port 80 and 443 in the WWW Proxy Server.
3.) I have configured a policy on WWW Proxy Server: Request that first checks if user is in the domain .. etc. etc. etc.
4.) Most (if not all) users have their browsers set up to use the IP of the proxy.
5.) At some point in the policy, if all checks fail .. it goes to a redirect (internally so as to bypass the proxy) and then the button login is just a redirect to our company site.
6.) A check in the policy says if the request is "our company" site .. the result is auth.
7.) Upon first implementing this ... success. It worked and worked great.
The mixed results are that now some users who have domain accounts are getting an error message and are not authorizing themselves with the proxy server and therefore don't have access to the internet. If I tell them to browse to the company website, the auth happens automatically and they don't have to enter credentials and are then able to browse the net.
Am I missing something?