Hello,
My clients connect through and authenticate by WGIC. I use TR on WWW and POP3 Proxy. I have one client I want to restrict by time. My thought was that I would apply time restriction to WRS thereby not letting access through, but with TR enabled this doesn't happen. Is this by design? Does it have to be this way? Can't I have my cake and eat it too? I guess I am looking only to change one policy rather than two or more to achieve time restriction. I know that my coffee level today is somewhat lower than normal and perhaps the gray matter is not quite up to speed yet ... am I missing something? TIA
WRS time restriction not enforced if TR enabled
Moderator: Qbik Staff
4 posts
• Page 1 of 1
by labull » Nov 19 03 5:21 am
Chris,
Session Tab sez - "Redirect ENS and WGIC sessions".
My guess is that it grabs the packet before it gets to NAT or WRS and sends it to the proxy.
Larry
Session Tab sez - "Redirect ENS and WGIC sessions".
My guess is that it grabs the packet before it gets to NAT or WRS and sends it to the proxy.
Larry
Last edited by labull on Nov 19 03 9:11 am, edited 1 time in total.
- labull
- WinGate Guru
- Posts: 710
- Joined: Sep 06 03 1:03 am
- Location: Washington, DC - USA
by ChrisH » Nov 19 03 9:08 am
Larry,
Ya, I tend to agree with you but traffic stops until client authenticates at WRS. My logic is if WRS has stopped packet waiting for authentication because it is part of WRS policy then it should "honour" the other WRS policies, but it seems if TR is enabled on WWW proxy, WRS just sends it on - doesn't check the rest of WRS policies.
This is setup I have in case this is confusing. WIN98 client, WGIC 5.1 to XP WG 5.1 server, WRS policies - user must be authenticated and a time restriction. WWW proxy, TR enabled, user can be assumed. So in this setup when client uses IE they are required to authenticate but then are able to browse. Turn off TR and policy is enforced - client unable to browse. In fact all other WRS policies are then enforced. BTW I think I uncovered a slight issue when trying this all out. If TR is not enabled and a WRS Ban List policy - "Client application name contains iexplore" is set, this Ban list policy is not followed, but if same policy is set to "NOT client application name contains iexplore" then IE is not allowed which is backwards to my way of thinking. Oh, but I'm on the other side of the world from NZ and things are sometimes reversed from Northern to Southern Hemisphere :)
Anyway, IMHO I think all WRS policies should be met before moving packet on, but maybe there is something else going on.
Ya, I tend to agree with you but traffic stops until client authenticates at WRS. My logic is if WRS has stopped packet waiting for authentication because it is part of WRS policy then it should "honour" the other WRS policies, but it seems if TR is enabled on WWW proxy, WRS just sends it on - doesn't check the rest of WRS policies.
This is setup I have in case this is confusing. WIN98 client, WGIC 5.1 to XP WG 5.1 server, WRS policies - user must be authenticated and a time restriction. WWW proxy, TR enabled, user can be assumed. So in this setup when client uses IE they are required to authenticate but then are able to browse. Turn off TR and policy is enforced - client unable to browse. In fact all other WRS policies are then enforced. BTW I think I uncovered a slight issue when trying this all out. If TR is not enabled and a WRS Ban List policy - "Client application name contains iexplore" is set, this Ban list policy is not followed, but if same policy is set to "NOT client application name contains iexplore" then IE is not allowed which is backwards to my way of thinking. Oh, but I'm on the other side of the world from NZ and things are sometimes reversed from Northern to Southern Hemisphere :)
Anyway, IMHO I think all WRS policies should be met before moving packet on, but maybe there is something else going on.
Chris H.
- ChrisH
- WinGate Master
- Posts: 388
- Joined: Sep 13 03 1:38 am
- Location: Canada
by labull » Nov 19 03 9:20 am
Chris
Yeah, must be difficult for them to be upside down all the time.
The when & where of policy enforcement does seem to be rather confused.
Larry
other side of the world from NZ and things are sometimes reversed from Northern to Southern Hemisphere
Yeah, must be difficult for them to be upside down all the time.
The when & where of policy enforcement does seem to be rather confused.
Larry
- labull
- WinGate Guru
- Posts: 710
- Joined: Sep 06 03 1:03 am
- Location: Washington, DC - USA
4 posts
• Page 1 of 1
Who is online
Users browsing this forum: No registered users and 2 guests