Want to use Puresight & WGIC only

Forum for support for the PureSight for WinGate content filtering plugin

Moderator: Qbik Staff

Want to use Puresight & WGIC only

Postby deonroelofse » Jul 10 12 3:39 am

Hi

I am using Wingate 7

I am using the WGIC on user PCs to prevent any unauthorized programs from gaining HTTP access, which is great.

I am also using the new Puresight and the WWW proxy service is enabled and intercepting port 80 so that the Winsock Redirector service can pass HTTP traffic from a WGIC connected PC through to Puresight.

All of the above works great, except for one thing: Port 80 on the Wingate PC is now open on the same internal ethernet adapter that is used to connect to the WGIC PC. This means a PC user can quit the WGIC application and then surf through port 80 of the proxy on the Wingate PC.

I tried changing the proxy port to 8888 so I can block it with a Policy on the adapter but I still had to intercept port 80 for puresight to work, and then the proxy is open on port 80 on the adapter again.

I have tried various policies checking the source port of the connecting client hoping I could find port 2080 of the Winsock redir service so I can allow those connects through to the WWW proxy and dump the rest ( coming from outside on the LAN ).

How can I create a policy that can determine if a client connects via the local Winsock redirector service or from the internal adapter ( from the LAN ) ?

If I know how to do this, I can block clients connecting to the WWW proxy without using the WGIC.

Please help, I really need to get this working!

Thanks
Deon.
deonroelofse
 
Posts: 2
Joined: Jul 10 12 3:13 am

Re: Want to use Puresight & WGIC only

Postby adrien » Jul 13 12 12:36 am

Hi Deon

Even though the web proxy may run on another port (e.g. 8888) it still can intercept port 80 without being available on it.

However, it may just be a matter of time until people find that new port.

You can tell if the connection was direct to the proxy or intercepted.

Check Session.IsIntercepted

if that's true the session was intercepted (WGIC, SOCKS or NAT).

You may then need to lock down NAT / SOCKS.

Regards

Adrien
adrien
Qbik Staff
 
Posts: 5441
Joined: Sep 03 03 2:54 pm
Location: Auckland


Return to PureSight for WinGate

Who is online

Users browsing this forum: No registered users and 3 guests

cron