WinGate Forums

[BEKeeper]

L.S.

I've been trying to get a communication application to work behind WinGate and I've been running into problems. As I'm not the only one with this problem within the project team, a lot of troubleshooting has been performed by others. One seems to have found a solution. "I reconfigured our firewall to allow https traffic (TCP port 443) directly to the IP <xxx.xxx.xxx.xxx>.

As this might be the solution to my problem as well, my question to you is the following: how do I perform this task in WinGate?

I'm using WinGate 6.0.4.

[logan]

Hi Peter,

6.0.4 is a pretty old version of WinGate now. The latest is 6.6.3. Are you able to set up 6.6.3 on a test server to ensure that the problem hasn't already been fixed?

I believe "allow https traffic (TCP port 443) directly" means to allow port 443 traffic through NAT. This is the default behaviour unless the client is manually configured to use a www proxy server, in which case HTTPS connections will be made through the proxy rather than through NAT. You can configure your internet browser to not use the specified proxy for HTTPS traffic and this should let HTTPS out directly.

1. Control panel -> Internet Options -> Connections tab -> LAN settings -> Advanced
2. Uncheck "Use the same proxy server for all protocols"
3. Blank the 'Secure' address and port

If you're still having problems, can you get the following information, and send it to support@qbik.com for me. This will provide information about your current WinGate configuration and network topography.

1. WinGate Registry
GateKeeper --> Options menu --> Advanced --> Save Registry

2. WinGate Config Report
GateKeeper --> Options menu --> Advanced --> Save Config Report

3. ipconfig/all from one LAN Client
(Windows) Start menu --> Run --> cmd --> ipconfig/all >> C:\ipa-client.txt

4. ipconfig/all from the WinGate Server
(Windows) Start menu --> Run --> cmd --> ipconfig/all >> C:\ipa-server.txt

[BEKeeper]

Logan,

I've collected the requested logfiles and sent them off to you.

When I blanked the Secure address and Port in IE I got "Internet Explorer cannot display the webpage".

Will try some more options and get back to you.

[BEKeeper]

Logan,

I just realised internet DNS doesn't reach the workstations. I've added the required names and IP addresses to the hosts file, and it seems to work now.
The question that remains now if this is a workable situation, but i'll get back to you on that one.

Any ideas on how to realise a situation with the direct access to HTTPS, but with internet DNS available at the workstation? I'm guessing the reason we have this set up as it is, is for security reasons, and I wouldn't want to compromise anything in that department.

Would I be required to change anything on the domain DNS or can I use the WinGate DNS service (which is currently disabled) in parallel?

Answer one question, get lots more.... If it's too far off-topic, let me know.

[logan]

You can configure your domain DNS server to forward unresolvable (Internet) domain name lookups to an external DNS server. This means that any clients with their DNS pointed to the domain DNS server will be able to resolve internet domain names through that server as well. I believe this is done through the forwarders tab of your domain servers DNS properties. Here is a technet article on the subject that might help.

http://technet.microsoft.com/en-us/libr ... 22543.aspx

[logan]

I also recommend testing WinGate 6.6.3 to see if it works with your communication software, as you may be able to simply upgrade and not make any major network changes at all.

[BEKeeper]

Logan,

Thanks for your quick replies and the article. I'll be looking into that.

I'll have a talk with the management here to find out how much longer they'll be wanting to continue with the current setup and equipment. It's quite old, and I'm guessing this communication application won't be the last new thing to be introduced in our way of working in the coming period.