Many questions and a few comments after reading Wingate help

Use this forum to post questions relating to WinGate, feature requests, technical or configuration problems

Moderator: Qbik Staff

Re: Many questions and a few comments after reading Wingate help

Postby Alen » Dec 22 09 8:18 pm

Logan,

Sorry for my being annoying, but there are still some questions\isuues unanswered\unsolved:
1. How to check if PureSight is updating its DB and see the DB date?
2. Why download managers can not support resume when downloading via proxy even after adding the required site (e.g. symantec.com) to the "whitelist" both in KAV and PureSight?
P.S. While downloading via pure NAT (no interception by proxy) everything works fine.
3. How to allow downloads of encrypted archives and other files which KAV does not "like"?
It seems to me the reason is in the fact KAV can't open such files for checking and block them. How to change its behaviour?
Alen
WinGate Master
 
Posts: 217
Joined: Sep 21 09 7:50 pm

Re: Many questions and a few comments after reading Wingate help

Postby logan » Dec 22 09 9:59 pm

1. How to check if PureSight is updating its DB and see the DB date?

Check the last modified date of the StatListDb file from the Puresight folder. This will indicate when the file was last updated. If it doesn't seem to be updating, make sure updating is enabled in Puresights configuration.

2. Why download managers can not support resume when downloading via proxy even after adding the required site (e.g. symantec.com) to the "whitelist" both in KAV and PureSight?
P.S. While downloading via pure NAT (no interception by proxy) everything works fine.

Can you take a couple of screenshots of the symantec overrides you have set up for the forum. Thanks.

3. How to allow downloads of encrypted archives and other files which KAV does not "like"?
It seems to me the reason is in the fact KAV can't open such files for checking and block them. How to change its behavior?

I don't see anywhere that scanning of encrypted archives can be disabled, but you can change what KAV does upon various scanning results. See GateKeeper -> Plugins -> Kaspersky AntiVirus for WinGate -> Settings -> Advanced. Here you can set things like unexpected errors to pass the file on instead of quarantine.
logan
Qbik Staff
 
Posts: 671
Joined: Oct 19 06 2:49 pm
Location: Auckland, New Zealand

Re: Many questions and a few comments after reading Wingate help

Postby Alen » Dec 23 09 12:10 am

1.
logan wrote:Check the last modified date of the StatListDb file from the Puresight folder. This will indicate when the file was last updated. If it doesn't seem to be updating, make sure updating is enabled in Puresights configuration.

Ok, thank you.
BTW: by default autoupdate is disabled in PS v.2!?

2.
logan wrote:Can you take a couple of screenshots of the symantec overrides you have set up for the forum. Thanks.

During screenshots creation I found an error in my configuration: in PS I allowed url only, not the whole site. It was corrected (do I need to stop\start Wingate engine?), but there is no changes: downloads via Proxy does not support resume, while the same downloads via pure NAT does. I attach new settings shots.
P.S. I am not sure if "drip-feed" option can also influence on this. But without that option you can not even see downloading progress, not only resume support...

3.
logan wrote:I don't see anywhere that scanning of encrypted archives can be disabled, but you can change what KAV does upon various scanning results. See GateKeeper -> Plugins -> Kaspersky AntiVirus for WinGate -> Settings -> Advanced. Here you can set things like unexpected errors to pass the file on instead of quarantine.

Ok, I changed settings for "unexpected failure" and "unknown error". I'll test it now.
P.S. I want to mention, that although by default it is "Quarantine file" set, even after I resumed the file I did not find any files in the appropriate folder.
Attachments
PS_Overrides.GIF
PS_Overrides.GIF (21.14 KiB) Viewed 160375 times
KAV_Overrides.GIF
KAV_Overrides.GIF (20.84 KiB) Viewed 160375 times
Alen
WinGate Master
 
Posts: 217
Joined: Sep 21 09 7:50 pm

Re: Many questions and a few comments after reading Wingate help

Postby Alen » Dec 23 09 12:54 am

Report on issue 1.
- I see two files in PureSight\Stlst folder with .dat and .idx extensions and their date is: 02.09.04!
Although Autoupdates option in PS is enabled!

I am suspecting the problem could be in the fact Wingate server itself has no DNS servers specified in its WAN tcp\ip settings (DNS servers are specified directly in DNS Resolver). If PS is updated not via port 80 (on which our web proxy is working), then this could be the reason (KAV is updated via port 80 and is updated regularly, I check it from time to time).
What do you think?


Report on issue 3.
- I sent an encrypted rar file to myself successfully.
- I failed to download that file - failed with the message ~ about KAV was not able to scan the file and it was blocked. => I changed the option "non-scanned" to "Pass file on" value. - I was able to download the file.
=> To be able to download encrypted archives one should change GateKeeper -> Plugins -> Kaspersky AntiVirus for WinGate -> Settings -> Advanced -> "Non-scanned" option value to "Pass file on"!

But some files, like TeamViewer_Setup from teamviewer.com failed to download, it comes till 75% and then failes with this error message: "... There was an unexpected failure scanning file".
I don't know what is wrong with TeamViewer_Setup.exe or many other files, which we can't download (I suppose KAV cann't open file container to make scan). Anyway, for this type of errors I tried to change the "unexpected failure" option to "Pass file on" value and it works!
=> To be able to download other type of files, which (I don't know why) can not be scanned by KAV with the message "... There was an unexpected failure scanning file", one should change GateKeeper -> Plugins -> Kaspersky AntiVirus for WinGate -> Settings -> Advanced -> "Unexpected failure" option value to "Pass file on"!

I am quite confident with the first change (under condition users will download encrypted archives from the known persons), but I am not sure (quite the contrary) the second one is secure! I think, I'll change it back. This will be inconvenient, but more secure...
Alen
WinGate Master
 
Posts: 217
Joined: Sep 21 09 7:50 pm

Re: Many questions and a few comments after reading Wingate help

Postby Alen » Jan 12 10 1:25 am

Dear Logan,

1. I have checked right now PureSight is not updating its dbase - no file in PS folder was changed since installation!
Autoupdate is activated.
P.S. May be this is important: from the begining, as you remember, I installed PS v.3, but it did not work (was not picked up by any services), was uninstalled and then I installed PS v.2.


2. Download managers still can not support resume when downloading via proxy. Both KAV and PS have the required site (e.g. symantec.com) exclusion (site-wide, not single url)!
While downloading via pure NAT (no interception by proxy) everything works fine.
The issue is still unsolved.


3. I have a very serious problem, I created a ticket with "critical" severity, but did not received any answer.
The problem happens during regular work: a random http Proxy request makes Wingate crazy - it starts making hundreds of DNS requests per second - after a couple of minutes I see thousands DNS requests made from Wingate machine by Wingate DNS service.
The last example was 07.01.2010 when only 2 users were active and one requested www.mosix.org.
As a result the logs of DNS Resolver and DNS service have more than 140MB size!!! Just for 1 day serfing of 2 users!
As I described in the support ticket, Wingate machine uses 100% CPU and almost hangs, at the end you cann't even login into Gatekeeper. Only restart helps but in 15-30 minutes the problem repeats.

Software installed on Wingate machine: XP SP3 with critical updates till 15.12.2009, Wingate 6.6.4 + KAV (autoupdated every day) + PS, plus only Opera 9.64, AReader 9 and SAV CE 10 antivirus.
SAV CE autoupdates every day and each night makes Full scan, I am quite confident there is no viruses on Wingate machine (I have to mention, sometimes Symantec finds viruses in the Cache folder, which means KAV periodically misses some viruses...)

07.12.2009 after the problem repeatedly occured I deleted DNS server ip from Wingate WAN TCP\IP properties (From the begining I had not specified it because did not want for my admins to surf Internet directly, walking around Proxy service => KAV, but I periodically used to set it back to use direct Internet connection from Wingate, when want to measure pure Internet connection speed and etc. Last time I specified the DNS ip when was thinking PureSight is not updating because it cann't read IE settings and use proxy, and need direct\NAT connection. - BTW, this did not help to PS updates).

Today I see no problem, also the DNS service log is just 8KB, and DNS Resolver log - 2MB.

Please help to define the reason of the problem. I am not sure it is connected to DNS server ip specified on Wingate WAN TCP\IP properties, but this is the only thing I changed.


4. Why DNS service log is 8KB only when DNS Resolver log is more than 2MB!?
You had told me, DNS service is necessary if I have no any DNS server on my LAN and simply specifying ISP DNS ip in the DNS Resolver is not enough to provide users with Internet. Or may be Resolver works always, but DNS service only for NAT users?! (95% of my users use Proxy, may be here is the answer? If yes, then in fact DNS service on Wingate is necessary only if you provide NAT (the question is still about the cases when we have no other DNS server on LAN)?!)
Alen
WinGate Master
 
Posts: 217
Joined: Sep 21 09 7:50 pm

Re: Many questions and a few comments after reading Wingate help

Postby Alen » Jan 27 10 9:20 pm

Guys, why noone answers my questions? I am waiting for a month already...

P.S. I am registered Wingate Ent. edition user.
Alen
WinGate Master
 
Posts: 217
Joined: Sep 21 09 7:50 pm

Re: Many questions and a few comments after reading Wingate help

Postby Alen » Mar 22 10 2:41 am

3 months past.
Repeating my questions again:

1. I have PureSight 2 installed and it is not updating its dbase - no file in PS folder was changed since installation!
Autoupdate is activated!
P.S. May be important: from the begining, I installed PS v.3, but it did not work (could not be picked up by any service) and was uninstalled and replaced by PS v.2.

2. Download managers do not support resume when downloading via proxy. Both KAV and PS have the required site (e.g. symantec.com) exclusion (site-wide, not single url)!
While downloading via pure NAT (no interception by proxy) everything works fine.
The issue is still unsolved.

3. At the end of the last year I had a critical problem, I created a ticket with "critical" severity, but did not received any answer. ;-(
The problem happens during regular work: a random http Proxy request makes Wingate crazy - it starts making hundreds of DNS requests per second - after a couple of minutes I see thousands DNS requests made from Wingate machine by Wingate DNS service.
The last example was 07.01.2010 when only 2 users were active and one requested http://www.mosix.org.
As a result the logs of DNS Resolver and DNS service have more than 140MB size!!! Just for 1 day surfing of 2 users!
As I described in the support ticket, Wingate machine uses 100% CPU and almost hangs, at the end you cann't even login into Gatekeeper. Only restart helps but in 15-30 minutes the problem repeats.

Software installed on Wingate machine at the moment: XP SP3 with critical updates till 15.12.2009, Wingate 6.6.4 + KAV (autoupdated every day) + PS, plus only Opera 9.64, AReader 9 and SAV CE 10 antivirus.
SAV CE autoupdates every day and each night makes Full scan, I am quite confident there is no viruses on Wingate machine.

07.12.2009 after the problem repeatedly occured I deleted ISP's DNS server ip from Wingate machine WAN TCP\IP properties (OS settings).
From the begining I had not specified it because did not want for my admins to surf Internet directly, walking around Proxy service, but I periodically used to set it back to use direct Internet connection from Wingate, when want to measure pure Internet connection speed and etc. Last time I specified the DNS ip when was thinking PureSight is not updating because it cann't read IE settings and use proxy, and need direct\NAT connection. - BTW, this did not help to PS updates.

Since that day I never set ISP's DNS server ip in WAN TCP\IP properties. And since then did not have the problem again. So the problem is appearing when ISP's DNS server ip is set in Wingate machine's WAN TCP\IP properties...
Do you have any similar issues from other users? And what is your suggestions?

4. Why Wingate DNS service log is much smaller than DNS Resolver log!?
You had told me, DNS service is mandatory in case I have no any DNS server on my LAN and simply specifying ISP's DNS ip in the DNS Resolver is not enough to provide users with Internet. Is this correct?

As 95% of my users use Proxy, I had a thought the DNS Resolver works always, while DNS service - only for NAT users!? (I mean DNS requests for site names requested via Wingate proxies are done directly by the resolver...). Is this the case?
Alen
WinGate Master
 
Posts: 217
Joined: Sep 21 09 7:50 pm

Re: Many questions and a few comments after reading Wingate help

Postby adrien » Mar 23 10 1:02 pm

Hi

sorry, I only just saw these extra posts on this long topic. I didn't see either a support ticket about going to certain sites causing DNS resolver avalanche.

1. PureSight

The Puresight update issue should be solved with v3. I think it would be a lot more productive to debug issues relating to seeing PureSight 3 in your WWW proxy, than to try to debug issues with an older version not updating. Normally the refresh button in the plugins pane in the WWW proxy should make PureSight show up. There are a few steps we can go through to get it working - there aren't many links in the chain to break.

2. Download Managers / resume.

This is due to having Kaspersky AV installed. Because Kaspersky AV cannot guarantee the safety of any file that it doesn't see the whole of, it forbids files to be downloaded in parts. Downloading files in parts is what download managers do. If you create a whitelist entry in Kaspersky AV to bypass scanning for the particular site or URL, you can re-enable downloading in parts for that site/url.

3. DNS avalanche. I'll have a look into www.mosix.org. Thanks heaps for posting this one - it's always extremely useful to get repeatable cases. Question - do you have the cache enabled in the DNS resolver? We've found problems with certain types of lookups (following CNAME records and delegation) if caching is disabled. It can cause a lot of lookups. what's the IP of your ISP DNS server? We may need to try to test against it. An alternative could be to use an intermediate DNS server (say that you host yourself) to buffer between WinGate DNS resolver and the DNS server of your ISP. In fact I've been doing quite a bit of work on the DNS resolver for WinGate 7, and there are improvements in the algorithms for following delegations and referrals.

4. DNS service log vs DNS resolver log.

DNS service log only logs requests received from client machines that make DNS lookups. If they are set to use proxy, they won't use DNS for web surfing. DNS resolver (DNS Client) logs everything to do with DNS for entire WinGate, so the WWW proxy looking up the site to connect to for the client. So the DNS client is always a lot more busy than the DNS server.

Clients will do DNS lookups if they think they need to resolve a name to an IP to connect to. If they are set to use proxy, and you specify the proxy by IP, then web browsers won't need to make any DNS lookups. Other apps may still want to look up names. For NAT, the client thinks it is connecting directly to the end server, so needs to resolve the name with DNS. This also is the case for SOCKS, and the WinGate client.

Regards

Adrien
adrien
Qbik Staff
 
Posts: 5441
Joined: Sep 03 03 2:54 pm
Location: Auckland

Re: Many questions and a few comments after reading Wingate help

Postby Alen » Mar 23 10 7:44 pm

Hm-m, finally get answers (I was thinking you are ignoring my messages advisedly).

adrien wrote:1. PureSight
The Puresight update issue should be solved with v3. I think it would be a lot more productive to debug issues relating to seeing PureSight 3 in your WWW proxy, than to try to debug issues with an older version not updating. Normally the refresh button in the plugins pane in the WWW proxy should make PureSight show up. There are a few steps we can go through to get it working - there aren't many links in the chain to break.

Ok, what do you want me to do?
I remind you, that from the beginning I installed PS v3 but it could not be picked up by proxies, and I had to replace it by PS v2 and it helped.
Should I try to upgrade PS v2 it to v3? If yes with or without uninstalling the previous version?
Do I need a new activation secrets for v3? (When in the past I used mine it activated ok, but just could not be picked up by proxies).
Instruct me.


adrien wrote:2. Download Managers / resume.
This is due to having Kaspersky AV installed. Because Kaspersky AV cannot guarantee the safety of any file that it doesn't see the whole of, it forbids files to be downloaded in parts. Downloading files in parts is what download managers do. If you create a whitelist entry in Kaspersky AV to bypass scanning for the particular site or URL, you can re-enable downloading in parts for that site/url.

Adrien, please read carefully what I have written:
2. Download managers do not support resume when downloading via proxy. Both KAV and PS have the required site (e.g. symantec.com) exclusion (site-wide, not single url)!
While downloading via pure NAT (no interception by proxy) everything works fine.
The issue is still unsolved.

I am downloading updates from here: http://www.symantec.com/business/security_response/definitions/download/detail.jsp?gid=savce, the download url example is: http://definitions.symantec.com/defs/20100322-004-x86.exe.
Meanwhile "symantec.com" is in site-wide exclusions for both KAV and PS!


adrien wrote:3. DNS avalanche.
Question - do you have the cache enabled in the DNS resolver? We've found problems with certain types of lookups (following CNAME records and delegation) if caching is disabled. It can cause a lot of lookups.

The DNS cache was enabled from the first day and the option have never been changed.
I am drawing your attention again on the fact:
...the problem is appearing when ISP's DNS server ip is set in Wingate machine's WAN TCP\IP properties (OS settings)...

And it disappears as soon as I remove ISP's DNS server ip from the machine WAN interface TCP\IP properties (I still have it also specified in DNS resolver settings).
This is the general fact you should pay attention on!

adrien wrote:what's the IP of your ISP DNS server? We may need to try to test against it.

It is useless to know as it is from the ISP's local subnetwork and is private address (192.168.65.25). (And that's the reason I am not using antispoofing option).

adrien wrote:An alternative could be to use an intermediate DNS server (say that you host yourself) to buffer between WinGate DNS resolver and the DNS server of your ISP.

I have Wingate DNS server enabled and I have ISP's DNS, why should I add one more point of failure? I'll prefer to keep working without specifying ISP's DNS ip on WAN TCP\IP settings, this is not critical for us (just losing direct Internet connection possibility from the Wingate machine, but it is a server and not meant to be used that way).
However, I think the problem is critical for you as it totaly prevents Wingate from functioning and I would like to know why it becomes crazy...


adrien wrote:4. DNS service log vs DNS resolver log.
DNS service log only logs requests received from client machines that make DNS lookups. If they are set to use proxy, they won't use DNS for web surfing.
DNS resolver (DNS Client) logs everything to do with DNS for entire WinGate, so the WWW proxy looking up the site to connect to for the client. So the DNS client is always a lot more busy than the DNS server.
Clients will do DNS lookups if they think they need to resolve a name to an IP to connect to. If they are set to use proxy, and you specify the proxy by IP, then web browsers won't need to make any DNS lookups. Other apps may still want to look up names. For NAT, the client thinks it is connecting directly to the end server, so needs to resolve the name with DNS. This also is the case for SOCKS, and the WinGate client.

Ok, resuming: in case of Wingate NAT, WGIC and SOCKS clients set up to use Wingate DNS server - the clients make DNS requests to Wingate DNS server (and the latter, in his turn, asks DNS Resolver to make request to ISP's DNS), while in case of Wingate proxy users only proxy server itself is making DNS requests and, as it is located on the same machine, it asks directly DNS Resolver to make DNS requests to ISP's DNS server.

Absolutely clear now. All is as I have supposed:
As 95% of my users use Proxy, I had a thought the DNS Resolver works always, while DNS service - only for NAT users!? (I mean DNS requests for site names requested via Wingate proxies are done directly by the resolver...). Is this the case?

But again, you should add such information to the help. It could be usefull to know how your stuff works when troubleshooting or setting up the product.
Alen
WinGate Master
 
Posts: 217
Joined: Sep 21 09 7:50 pm

Re: Many questions and a few comments after reading Wingate help

Postby adrien » Mar 23 10 7:58 pm

HI Alen

I'm not sure that "symantec.com" will match against a URL in www.symantec.com. Also I'm not certain there weren't bugs in PureSight 2.x relating to whitelisted sites and removal of the Range header in HTTP requests. If any plugin says it needs the whole file, WinGate will suppress the Range header in requests, which is what download managers use for resume. You may need to add specifically www.symantec.com, and definitions.symantec.com separately. Otherwise you can use the rule for "URL contains" since that is then a pattern-matched test. I'm pretty sure "site-wide" means it only tests the site part of the URL, but it tests the entire servername, not parts of it.

As for hooking PureSight to the proxy, I'd suggest upgrading over an existing 2.x. You shouldn't need to re-activate, in any case it uses the same keys as 2.x.

Could it be possible to gain access to your ISPs server some how? Even via VPN, or a UDP mapping proxy or something from our server. Just so we can send some DNS requests to them and get the response that is causing the problem. We can map it via a different UDP port number... e.g we use a server here that doesn't do DNS serving, set up a UDP mapping on say port 8053 through to your public IP. Then you forward that to your ISPs DNS server on port 53 (after checking it's from our IP). Then we can test against your ISPs DNS server across the net.

Adrien
adrien
Qbik Staff
 
Posts: 5441
Joined: Sep 03 03 2:54 pm
Location: Auckland

Re: Many questions and a few comments after reading Wingate help

Postby Alen » Mar 23 10 8:58 pm

adrien wrote:I'm not sure that "symantec.com" will match against a URL in www.symantec.com. Also I'm not certain there weren't bugs in PureSight 2.x relating to whitelisted sites and removal of the Range header in HTTP requests. If any plugin says it needs the whole file, WinGate will suppress the Range header in requests, which is what download managers use for resume. You may need to add specifically www.symantec.com, and definitions.symantec.com separately. Otherwise you can use the rule for "URL contains" since that is then a pattern-matched test.

Ok, I see, I'll try it.


adrien wrote:As for hooking PureSight to the proxy, I'd suggest upgrading over an existing 2.x. You shouldn't need to re-activate, in any case it uses the same keys as 2.x.

Ok, I'll do it and report.


adrien wrote:Could it be possible to gain access to your ISPs server some how? Even via VPN, or a UDP mapping proxy or something from our server. Just so we can send some DNS requests to them and get the response that is causing the problem. We can map it via a different UDP port number... e.g we use a server here that doesn't do DNS serving, set up a UDP mapping on say port 8053 through to your public IP. Then you forward that to your ISPs DNS server on port 53 (after checking it's from our IP). Then we can test against your ISPs DNS server across the net.

I'll think about it later and let you know.

Thank you.
Alen
WinGate Master
 
Posts: 217
Joined: Sep 21 09 7:50 pm

Re: Many questions and a few comments after reading Wingate help

Postby Alen » Mar 23 10 10:09 pm

I'm not sure that "symantec.com" will match against a URL in www.symantec.com.
Also I'm not certain there weren't bugs in PureSight 2.x relating to whitelisted sites and removal of the Range header in HTTP requests. If any plugin says it needs the whole file, WinGate will suppress the Range header in requests, which is what download managers use for resume. You may need to add specifically www.symantec.com, and definitions.symantec.com separately. Otherwise you can use the rule for "URL contains" since that is then a pattern-matched test.

Done: for KAV I added "definitions.symantec.com" with site-wide option and for PS - "definitions.symantec.com" with any url containing option.
Result: it works!
This problem is solved.
Alen
WinGate Master
 
Posts: 217
Joined: Sep 21 09 7:50 pm

Re: Many questions and a few comments after reading Wingate help

Postby Alen » Mar 24 10 8:22 pm

adrien wrote:As for hooking PureSight to the proxy, I'd suggest upgrading over an existing 2.x. You shouldn't need to re-activate, in any case it uses the same keys as 2.x.

Done. I upgraded PS2 to PS3. One day later I can't see any file newer than installation time.

P.S. Just in case, it seems to me the "statlistdb" file found in PureSight 3.0\Stlst folder is the app database. It has 20/03/2009 date.
And Auto updates is enabled!

Could it be a connection problem? Can PS use proxy settings of IE and update via HHTP proxy (like KAV can) or it needs NAT?
Alen
WinGate Master
 
Posts: 217
Joined: Sep 21 09 7:50 pm

Re: Many questions and a few comments after reading Wingate help

Postby Alen » Mar 25 10 9:30 pm

adrien wrote:Could it be possible to gain access to your ISPs server some how? Even via VPN, or a UDP mapping proxy or something from our server. Just so we can send some DNS requests to them and get the response that is causing the problem. We can map it via a different UDP port number... e.g we use a server here that doesn't do DNS serving, set up a UDP mapping on say port 8053 through to your public IP. Then you forward that to your ISPs DNS server on port 53 (after checking it's from our IP). Then we can test against your ISPs DNS server across the net.

As I understand you want me to:
1. Create a new UDP Proxy working on UDP 8053 and looking at our ISP's DNS service ip: UDP 53
2. Bind that service to Wingate WAN interface (AFAIK, a hole in the Firewall will be created (and deleted, when binding is removed) automatically!? Is it?).
3. Create a user Qbic for you and assume he is under your public ip.
4. Allow only that user to use the new Proxy (and I don't need to create any criterias in its policy to allow only client ip = your ip to use that service, as it is already achieved by the first part).

Right?
Alen
WinGate Master
 
Posts: 217
Joined: Sep 21 09 7:50 pm

Re: Many questions and a few comments after reading Wingate help

Postby adrien » Mar 27 10 3:03 pm

Hi

I think I've found another name that causes the DNS avalanche, so I'm working on a fix.

So I won't need your mapping at the moment, thanks anyway.

As for PureSight updating, it uses HTTP. Have you checked in the PureSight log file to see if it is reporting any error starting up?

The PureSight SDK docs don't mention anything about using a proxy for updates. That would imply it either doesn't use a proxy, or it uses the settings in the OS. Since WinGate runs in the system account, it may not be easily set. Do you need PureSight to use a proxy for updates?

REgards

Adrien
adrien
Qbik Staff
 
Posts: 5441
Joined: Sep 03 03 2:54 pm
Location: Auckland

Re: Many questions and a few comments after reading Wingate help

Postby Alen » Mar 27 10 10:10 pm

adrien wrote:Do you need PureSight to use a proxy for updates?

Well, let's think, I have 2 choices:
1. Direct connection to Internet and obviously ISP's DNS server ip set on WAN interface TCP\IP settings, which makes Wingate crazy (under some circumstances). => I can't use it.
2. Proxy connection, which KAV is now using for updating without any problem (obviously reading proxy settings from IE settings).

My choice is 2.
So yes, to be able to have PS constantly updated I need it to get updates like KAV does. (Or by direct connection but without DNS lookup. - Hey! An idea! I'll record PS dns name / ip in the Wingate machine OS hosts file. This will provide PS with the direct connection. I'll let you know about results. But it will be nice if you post PS update link, just in case it is not in "puresight.com" domain zone).

P.S. Adrien, please don't leave Bandwidth control topic without your attention.
Alen
WinGate Master
 
Posts: 217
Joined: Sep 21 09 7:50 pm

Re: Many questions and a few comments after reading Wingate help

Postby Alen » Mar 29 10 11:02 pm

Alen wrote:Hey! An idea! I'll record PS dns name / ip in the Wingate machine OS hosts file. This will provide PS with the direct connection. I'll let you know about results.

Done. It did not help. The "statlistdb" file date is still 20.03.2009.
Alen
WinGate Master
 
Posts: 217
Joined: Sep 21 09 7:50 pm

Re: Many questions and a few comments after reading Wingate help

Postby adrien » Mar 30 10 12:00 am

Hi

The update server is up.puresight.com, you could try that. Failing that, try a packet capture and see if that shows anything.

haven't forgotten about the bandwidth control issue.

Regards

Adrien
adrien
Qbik Staff
 
Posts: 5441
Joined: Sep 03 03 2:54 pm
Location: Auckland

Re: Many questions and a few comments after reading Wingate help

Postby Alen » Mar 30 10 12:09 am

adrien wrote:The update server is up.puresight.com, you could try that. Failing that, try a packet capture and see if that shows anything.

Thank you.
BTW: The site name can be found in PS settings, on the page with AutoUpdate switch. I found it recently.
I'll try with up.puresight.com in the hosts and report.


adrien wrote:haven't forgotten about the bandwidth control issue.

Thank you for your help and great patience. :-)
Alen
WinGate Master
 
Posts: 217
Joined: Sep 21 09 7:50 pm

Re: Many questions and a few comments after reading Wingate help

Postby Alen » Mar 31 10 4:30 am

Alen wrote:BTW: The site name can be found in PS settings, on the page with AutoUpdate switch. I found it recently.I'll try with up.puresight.com in the hosts and report.

Well, another long playing problem is solved.
I registered "up.puresight.com" ip (showed by nslookup) and finally it started to update.

So, as I understand the case:
KAV plugin can update its database both via direct connection and via Wingate web proxy, which settings it is able to automatically read from IE settings (so all you need is just to setup IE to use Wingate web proxy).
PureSight can update its database only via direct (or NATed) connection.


I have to mention that with PS v2 I tried to provide Wingate machine with direct Internet connection (i.e. provide the machine with ISP's DNS server ip) and it did not help...
Alen
WinGate Master
 
Posts: 217
Joined: Sep 21 09 7:50 pm

Previous

Return to WinGate

Who is online

Users browsing this forum: Google [Bot] and 41 guests