Use this forum to post questions relating to WinGate, feature requests, technical or configuration problems
Jan 04 19 5:29 am
We implemented WinGate to act as a proxy to some client machines by configuring the Internet Explorer proxy settings to point to Wingate on port 3129. We then added a "WWW Proxy Service" on WinGate listening on port 3129 to handle the traffic.
The issue is that when a client workstation browses the web, our firewall (all client workstations and WinGate are behind a firewall) sees the IP address of the WinGat server as the source IP, not the actual IP address of the workstation. We are thus unable to apply web browsing rules on the firewall based on the IP addresses of the workstations, as the firewall does not see the actual source IP of the workstation.
Is there a way to configure WinGate in some transparent mode so that, when clients browse the web, the firewall sees the actual IP of the workstation and not WinGate?
Jan 04 19 5:14 pm
Normally WinGate is used to provide the web browsing rules, so it's unusual to have an upstream firewall doing this per client IP.
Since WinGate is a proxy, the connections it makes on behalf of clients come from its own IP, there's no way around that. However, you can configure WinGate to connect to an upstream proxy (the firewall) and tag the original client IP in an X-Forwarded-For header.
Would this help - is the firewall able to use XFF?
With flow-chart policy in WinGate you could add other headers as well.
Adrien de Croy
Powered by phpBB © phpBB Group.
phpBB Mobile / SEO by Artodia.