Active-Sync through WWW-Proxy Service

Discussion for beta versions of WinGate

Active-Sync through WWW-Proxy Service

Postby Niwre » Aug 04 11 11:59 pm

Hello Adrien,

is it possible to make ActiveSync (SSL) from extern through Wingate WWW-Proxy Service to a Exchange-Server behind Wingate (IP is different from Wingate PC) and how can i do it?

Regards
Niwre
Niwre
 
Posts: 39
Joined: Jun 14 11 2:14 am

Re: Active-Sync through WWW-Proxy Service

Postby adrien » Aug 05 11 12:43 am

Hi

for SSL connections back through, there's not much point going through the web proxy - just forward port 443 to your exchange server using an extended networking port redirect.

Regards

Adrien
adrien
Qbik Staff
 
Posts: 5217
Joined: Sep 03 03 2:54 pm
Location: Auckland

Re: Active-Sync through WWW-Proxy Service

Postby Niwre » Aug 05 11 1:20 am

Hi,

OK, thank you!

Regards
Niwre
Niwre
 
Posts: 39
Joined: Jun 14 11 2:14 am

Re: Active-Sync through WWW-Proxy Service

Postby Niwre » Aug 07 11 10:55 pm

Hi Adrien,

i tried it with extended networking an port redirect and it works fine, but i have one Problem.
I use this connection for Active-Sync, OMA, OWA and some SSL-Connections to my internal Webserver.

For a better security I would like to check some things with policies eg URL, with extended networking does not seem to be possible unfortunately.

Is there a way to solve it different.

Thanks for help.

Regards
Niwre
Niwre
 
Posts: 39
Joined: Jun 14 11 2:14 am

Re: Active-Sync through WWW-Proxy Service

Postby adrien » Aug 08 11 1:29 pm

Hi

You can bind the HTTP proxy to the external interface with SSL set on the binding.

But unless you use a real certificate (rather than the self-signed ones that WinGate generates) you will get certificate warnings in your clients.

It is possible to use "real" certificates, but there are a few steps.

WinGate 7 WWW proxy will make an SSL connection upstream (in your case to your internal server) if the client-side connection used SSL.

Adrien
adrien
Qbik Staff
 
Posts: 5217
Joined: Sep 03 03 2:54 pm
Location: Auckland

Re: Active-Sync through WWW-Proxy Service

Postby Niwre » Aug 09 11 10:57 pm

Hi Adrien,

can you tell me the steps for use a real certificate?

Thanks!!!

Niwre
Niwre
 
Posts: 39
Joined: Jun 14 11 2:14 am

Re: Active-Sync through WWW-Proxy Service

Postby adrien » Aug 09 11 11:36 pm

ok, basically you need to

1. generate a certificate in WinGate, with a password (need to select [x] Encrypt Certificate on the first page).
2. get your real certificate converted to PEM format, with the private key exported (in the PEM) using the same password as the WinGate key you generated
3. Replace the WinGate-generated certificate file, with the real one in WinGate\Certificates

The trick is converting the real cert to PEM format with private key. If the cert is in your certificate store, you can export it with the certificates MMC, include the private key. Then you can use various utilities to convert the exported file (usually pkcs7 or pkcs12) to PEM. OpenSSL has a command line utility for this.

Regards

Adrien
adrien
Qbik Staff
 
Posts: 5217
Joined: Sep 03 03 2:54 pm
Location: Auckland

Re: Active-Sync through WWW-Proxy Service

Postby Niwre » Aug 10 11 2:15 am

Hi,

If only I had not asked, I'll try it. :-)

Thanks!!!

Regards
Niwre
Niwre
 
Posts: 39
Joined: Jun 14 11 2:14 am

Re: Active-Sync through WWW-Proxy Service

Postby Niwre » Aug 10 11 7:57 pm

Hi Adrien,
 
I installed a new Web Proxy service and bind it to an external adapter with SSL set on the binding. Under Webserver i set "Reverse Proxy" to the internal IP of my Server and the Port to 443.
 
It doesn't work, when i set the Port under Webserver to 80 then it works (not for OWA), and that is no longer safe.
 
I tried it with Wingate-Certificate und with my Certificate (convertet to pem) in Wingate.
 
What am I doing wrong, any Idea?
 
Regards
Niwre
Niwre
 
Posts: 39
Joined: Jun 14 11 2:14 am

Re: Active-Sync through WWW-Proxy Service

Postby adrien » Aug 11 11 1:12 pm

Hi

What errors do you see on the client?

This should work. Do you know if the certificate is being accepted by the client?

Regards

Adrien
adrien
Qbik Staff
 
Posts: 5217
Joined: Sep 03 03 2:54 pm
Location: Auckland

Re: Active-Sync through WWW-Proxy Service

Postby Niwre » Aug 11 11 7:25 pm

Hi Adrien,

In client the Certificate (Wingate Certificate) is displayed as not trusted and I must confirm it, then there happens nothing.
 
When I set the port in the Web Server settings under Reverse Proxy to Port 80, then I must also confirm the Certificate, but then ActiveSync and some Sites (not OWA) works.
 
But I think this is not the solution, and this connection is not encrypted and I need also OWA.

Regards
Niwre
Niwre
 
Posts: 39
Joined: Jun 14 11 2:14 am

Re: Active-Sync through WWW-Proxy Service

Postby Niwre » Aug 15 11 8:47 pm

Hi,

any Idea to solve the problem?
This feature would be very important to me in Wingate7.

Regards
Niwre
Niwre
 
Posts: 39
Joined: Jun 14 11 2:14 am

Re: Active-Sync through WWW-Proxy Service

Postby adrien » Aug 15 11 8:52 pm

HI

do you know if the client is making some non https requests? e.g. some secure, but some other embedded non-secure pages?

I'm just wondering if it's trying to also hit port 80 on the proxy as well as 443. Do you have this proxy also bound to that port?

Regards

Adrien
adrien
Qbik Staff
 
Posts: 5217
Joined: Sep 03 03 2:54 pm
Location: Auckland

Re: Active-Sync through WWW-Proxy Service

Postby Niwre » Aug 15 11 9:57 pm

Hi,

No, it makes only https requests and I have only port 443 on the Bindings.
But when I set the port in the Web Server settings under Reverse Proxy to Port 80, then the connection is forwarded on Port 80 from Wingate to my Server.
I think the connection then is unencrypted from Wingate to my server. In OWA that does not work, it seems there are several active frames who doesn't support this, and the connection should also be encrypted from Wingate to my server.

The problem is that forwarding on port 443 of Wingate to my server is not working and I can not find the reason.

I hope my English is good enough to explain the problem correctly.

Regards
Niwre
Niwre
 
Posts: 39
Joined: Jun 14 11 2:14 am

Re: Active-Sync through WWW-Proxy Service

Postby adrien » Aug 17 11 12:17 pm

Are all these secure services on the same computer behind WinGate, or different ones?

Would it be possible to do a packet capture of what is happening between WinGate and the internal server on port 443?

Adrien
adrien
Qbik Staff
 
Posts: 5217
Joined: Sep 03 03 2:54 pm
Location: Auckland

Re: Active-Sync through WWW-Proxy Service

Postby Niwre » Aug 19 11 8:51 pm

Hi,
 
yes all these services are running on the same server behind Wingate.
 
I've tried to do a packet capture, but it brings no result.
 
I have no idea anymore what can I even try, I will go back to extended networking and port redirect.
 
Would it be possible for you to create the same constellation in Wingate7 and look if it works for you?
 
Regards
Niwre
Niwre
 
Posts: 39
Joined: Jun 14 11 2:14 am

Re: Active-Sync through WWW-Proxy Service

Postby adrien » Aug 20 11 10:47 am

HI

if the internal server is the same for all redirected sites, then a ENS redirect should work fine.

I'll have to do some testing here.

Adrien
adrien
Qbik Staff
 
Posts: 5217
Joined: Sep 03 03 2:54 pm
Location: Auckland

Re: Active-Sync through WWW-Proxy Service

Postby Niwre » Aug 20 11 7:12 pm

Hi,

Thanks for your help and tests!

Niwre
Niwre
 
Posts: 39
Joined: Jun 14 11 2:14 am

Re: Active-Sync through WWW-Proxy Service

Postby Niwre » Oct 26 11 4:54 am

Hi Adrien,

there are already new insights into this problem?

regards
Niwre
Niwre
 
Posts: 39
Joined: Jun 14 11 2:14 am

Re: Active-Sync through WWW-Proxy Service

Postby adrien » Oct 26 11 9:12 am

Hi

maybe the best option is to try remote assistance with TeamViewer (recommended), VNC, RAdmin or Remote Desktop.

If this is possible, send us connection information to support@wingate.com and we can have a look.

Regards

Adrien
adrien
Qbik Staff
 
Posts: 5217
Joined: Sep 03 03 2:54 pm
Location: Auckland

Re: Active-Sync through WWW-Proxy Service

Postby adrien » Feb 15 13 8:51 pm

we found an issue recently that would have affected this. The reverse proxy connection to the internal server would not have been using SSL.

We have a build that fixes this, email support@wingate.com if you want to try it.
adrien
Qbik Staff
 
Posts: 5217
Joined: Sep 03 03 2:54 pm
Location: Auckland

Re: Active-Sync through WWW-Proxy Service

Postby Niwre » Feb 16 13 10:51 pm

Hi Adrien,

Great, now it works!
Thank you so much!

Regards
Niwre
Niwre
 
Posts: 39
Joined: Jun 14 11 2:14 am


Return to WinGate Beta

Who is online

Users browsing this forum: No registered users and 1 guest