Block IPS
Moderator: Qbik Staff
3 posts
• Page 1 of 1
Block IPS
by superboy143 » Feb 20 07 11:41 pm
I have installed wingate on a network with static ip addresses. I want to restrict access to proxy and give access only to specific ip addresses. How can I do this.
- superboy143
- Posts: 1
- Joined: Feb 20 07 11:38 pm
by logan » Feb 21 07 6:50 pm
Hi,
You can obtain your desired result by using access policies in the WWW Proxy server.
Gatekeeper -> Service tab -> WWW Proxy server -> Policies
First, change the default rights to either "Are ignored" or "MUST also be granted" to stop the system policies from overriding the service policy.
Click "Add" to make a new policy and goto the "Location" tab.
Select the "Specify requests..." radio button.
Enter 127.0.0.1 into the included locations. You will also need to add your network ip range to the included locations using a * for the host id section of the IP range. e.g. my network uses 192.168.70.0 to 192.168.70.255, so I would enter 192.168.70.* into my included locations.
You can now add the specific computers that you want to deny access to the proxy, to the excluded locations and click OK when you are done.
The IP addresses in the excluded locations of the policy should now be denied access to the proxy.
Logan
You can obtain your desired result by using access policies in the WWW Proxy server.
Gatekeeper -> Service tab -> WWW Proxy server -> Policies
First, change the default rights to either "Are ignored" or "MUST also be granted" to stop the system policies from overriding the service policy.
Click "Add" to make a new policy and goto the "Location" tab.
Select the "Specify requests..." radio button.
Enter 127.0.0.1 into the included locations. You will also need to add your network ip range to the included locations using a * for the host id section of the IP range. e.g. my network uses 192.168.70.0 to 192.168.70.255, so I would enter 192.168.70.* into my included locations.
You can now add the specific computers that you want to deny access to the proxy, to the excluded locations and click OK when you are done.
The IP addresses in the excluded locations of the policy should now be denied access to the proxy.
Logan
- logan
- Qbik Staff
- Posts: 671
- Joined: Oct 19 06 2:49 pm
- Location: Auckland, New Zealand
by jamesc » Feb 21 07 9:38 pm
Logan's way will work too, but instead of placing ip addresses into each server/service that you want to allow access to, you could use User Assumptions instead. i.e.
You could use the "Assume users by ip address" option, and then modify the System Policies to state that the "Everyone" group must have an authentication level of "User may be assumed". - This will allow all your users to be authenticated when connecting to WinGate. You could then navigate to the WWW Proxy Service --> Policies, change the "Default Rights" menu to "Must also be granted", and then add in the users/groups who can access the WWW Proxy Server.
Assume by ip address:
*The "System Policy" option is below the "Assumed Users" option shown in the red box.
**You may also want to turn on Intercepts for port 80 in the WWW Proxy Server --> Sessions, so that other connection methods to a remote server on port 80 are pushed up through the WWW Proxy Server so your polices can be applied.
***The NAT connection method is controlled by the Extended Networking Service (ENS) policies. The WinGate Internet Client (WGIC) connection method is controlled by the Winsock Redirector Services (WRS) policies.
You could use the "Assume users by ip address" option, and then modify the System Policies to state that the "Everyone" group must have an authentication level of "User may be assumed". - This will allow all your users to be authenticated when connecting to WinGate. You could then navigate to the WWW Proxy Service --> Policies, change the "Default Rights" menu to "Must also be granted", and then add in the users/groups who can access the WWW Proxy Server.
Assume by ip address:
*The "System Policy" option is below the "Assumed Users" option shown in the red box.
**You may also want to turn on Intercepts for port 80 in the WWW Proxy Server --> Sessions, so that other connection methods to a remote server on port 80 are pushed up through the WWW Proxy Server so your polices can be applied.
***The NAT connection method is controlled by the Extended Networking Service (ENS) policies. The WinGate Internet Client (WGIC) connection method is controlled by the Winsock Redirector Services (WRS) policies.
- jamesc
- Qbik Staff
- Posts: 928
- Joined: Apr 04 05 2:04 pm
- Location: Auckland, New Zealand
3 posts
• Page 1 of 1
Who is online
Users browsing this forum: No registered users and 6 guests