PureSight with the WGIC client?

Forum for support for the PureSight for WinGate content filtering plugin

Moderator: Qbik Staff

PureSight with the WGIC client?

Postby Bill.Bowen » Dec 31 03 8:38 am

Recently, our company purchased a 25-user PureSight plugin (with a 2-year subscription) for our Wingate 5 Enterprise server. The majority of our users (100+) connect via WIN2K clients using WGIC to securely authenticate with our DC. Can I re-route their WWW traffic through the plug-in via ENS? If not, is there some other way to use this plug-in? I don't have the option of dumping WGIC from the clients...
Bill.Bowen
 
Posts: 51
Joined: Dec 30 03 3:31 am
Location: Altus AFB, OK

Postby labull » Dec 31 03 9:58 am

Bill,

PureSight works in conjunction with the WWW Proxy Service.

In WWW Proxy - Sessions Tab - Check the Redirect ENS and WGIC Sessions box. This will route all ENS and WGIC WWW traffic through the WWW Proxy service.

Also be sure that PureSight for WinGate appears in the Plug-Ins Tab of WWW Proxy and is checked.

Let us know how it goes.

Larry
WinGate Lurker
labull
WinGate Guru
 
Posts: 710
Joined: Sep 06 03 1:03 am
Location: Washington, DC - USA

Postby Bill.Bowen » Dec 31 03 10:11 am

Hmmm. That's how my WWW Proxy is configured. The proxy is on port 85 though, instead of 80, because a webserver coexists with Wingate on the same box. Should it work if I redirect "Local computers to the Internet" using port 80 to 0.0.0.0:85 or is there more to it? How can I tell? Thanks.
Bill.Bowen
 
Posts: 51
Joined: Dec 30 03 3:31 am
Location: Altus AFB, OK

Postby labull » Dec 31 03 10:19 am

If the WGIC clients are using port 80 for HTTP then I would think they would be getting around the redirection.

The way to tell may be to watch the Activity screen in GateKeeper and see it the connections show as WWW, NAT or WGIC.

Is the locally hosted web site accessed internally, externally or both?

Larry
WinGate Lurker
labull
WinGate Guru
 
Posts: 710
Joined: Sep 06 03 1:03 am
Location: Washington, DC - USA

Postby Bill.Bowen » Dec 31 03 2:39 pm

Most webserver traffic (95%) is external.

I have made the port 80->85 redirect and have been watching the traffic. Right clicking on users' http requests in GateKeeper indicates that some of the traffic is going through the WWW Proxy and some is through the Winsock Redirector. Don't understand why they're different but one problem at a time. PureSight doesn't appear to be working anyway. I surfed a few sordid sites for testing purposes, of course. No filtering occurred. I even lowered the plugin slider to 1% on Sex. Still nothing. When I use Proxy Settings in IE to the WWW Proxy, PureSight works.

If I bind the webserver to my external adapter and bind the WWW Proxy to port 80 on the internal adapter, will the WGIC http traffic go through the plugin?
Bill.Bowen
 
Posts: 51
Joined: Dec 30 03 3:31 am
Location: Altus AFB, OK

Postby labull » Dec 31 03 3:13 pm

If I bind the webserver to my external adapter and bind the WWW Proxy to port 80 on the internal adapter, will the WGIC http traffic go through the plugin?


I'm thinking that's the right answer. Sorry, haven't used WGIC in a long time so I can't be confident.

Hopefully one of the developers (not so subtle hint) will rescue us if we drift too far afield.

Larry
WinGate Lurker
labull
WinGate Guru
 
Posts: 710
Joined: Sep 06 03 1:03 am
Location: Washington, DC - USA

Postby adrien » Dec 31 03 3:50 pm

OK, redirection only works on the same port, so if the WWW Proxy wasn't on port 80, then it wouldn't intercept anything useful.

There are a couple of ways around this depending on your web server software.

If you can bind your webserver to a specific interface like you suggest, you should be able to run the proxy on port 80 bound to the internal interface with the server bound to external.

Otherwise, if you can run the web server on another port, you could use an ENS redirect for connections coming in from the internet to redirect to IP address 0.0.0.0 but override the port, and set it to the new port the server is running on.

Adrien
adrien
Qbik Staff
 
Posts: 5441
Joined: Sep 03 03 2:54 pm
Location: Auckland

Postby Bill.Bowen » Jan 01 04 6:07 am

Thanks! Got it working, somewhat. Bound the webserver to port 80 of the external adapter. Bound the WWW Proxy to port 80 of the internal adapter. The WGIC http traffic is now driving through the PureSight (& KAV?) plugin. Now I've began encountering other problems.

1. Some sites are being blocked due to their potential sexual/gambling references, regardless of my Allow entry in the plugin configuration. Just how does the Allow function work then? I even have some of my own website being blocked for some inexplicable reason...

2. Internal users can no longer access the restricted areas of our website.

Is there some better documentation for the plugins? What I've got is extremely skimpy...
Bill.Bowen
 
Posts: 51
Joined: Dec 30 03 3:31 am
Location: Altus AFB, OK

Postby labull » Jan 01 04 6:51 am

Bill,

If PureSight is working AV should be also.

For entries in the allow list - less is better.

i.e. put in bubbas.com rather than an entire URL. That allows anything with bubbas.com in it to not be subject to PureSight.

Larry
WinGate Lurker
labull
WinGate Guru
 
Posts: 710
Joined: Sep 06 03 1:03 am
Location: Washington, DC - USA

Postby Bill.Bowen » Jan 01 04 7:04 am

The Allow list is not working at all...
Bill.Bowen
 
Posts: 51
Joined: Dec 30 03 3:31 am
Location: Altus AFB, OK

Postby labull » Jan 01 04 8:26 am

Does the ban list work?

You could add something like washingtonpost and see if www.washingtonpost.com get blocked.

Larry
WinGate Lurker
labull
WinGate Guru
 
Posts: 710
Joined: Sep 06 03 1:03 am
Location: Washington, DC - USA

Postby Bill.Bowen » Jan 01 04 9:51 am

The Allow list is not working. The Ban list does work. Blocked washingtonpost, as you suggested. Works as advertised.
Bill.Bowen
 
Posts: 51
Joined: Dec 30 03 3:31 am
Location: Altus AFB, OK

Postby Bill.Bowen » Jan 07 04 11:12 am

Qbik: Is the ALLOW function broken in PureSight or what? It's not working for us. If it is broken, when is it going to be fixed? Thanks.
Bill.Bowen
 
Posts: 51
Joined: Dec 30 03 3:31 am
Location: Altus AFB, OK

Postby erwin » Jan 07 04 2:42 pm

Hi Bill

Just gave Puresight a quick once over and the allow list for Puresight plugin is working fine. I agree from the helpfile it is a little light on detail which we will look at, but here is the main points:
(these apply to both Allow and Ban tabs)

1. If you enter a specific URL in the list (e.g www.wingate.com) anytime that URL or a URL containing www.Wingate.com is requested(e.g www.wingate.com/features/sample.html). it will be affected
So as Larry suggested less is better, as sites will often redirect or append most basic URLS when they are requested.

For example if I enter www.sex.com from here in New Zealand the URL is changed by the Webserver to www.sex.com/newzealand, but because I had entered simply sex.com on the Ban tab, this site is also blocked.

2. If you add single words to the allow/ban lists, URL'S containing these words will also be affected, so as an example, entering "com" in the ban list will result in blocking all .com sites.

3. If there are already sites specifically banned in the Banned sites of the WWW proxy service, this will overide any sites that you may put in the "allow" tab of Puresight filter.

Hope this helps

Erwin
erwin
Qbik Staff
 
Posts: 408
Joined: Sep 03 03 2:54 pm


Return to PureSight for WinGate

Who is online

Users browsing this forum: No registered users and 13 guests

cron