WinGate Forums

[suporteagro]

Dear support,

I have a Wingate 6.6.4 installed in a XP Pro machine.
The entire internet is blocked and each user has access only to the websites needed for their jobs.
The allowed sites are configured in the Policies of the WWW Proxy Server Properties.
So, when the user tries to open an url, a java authentication window opens asking for username and password.

Everything works fine, but I have a web site called "Conectividade Social" at http://cmt.caixa.gov.br that some users "must" access. To do that NAT must be enabled and I have to turn off transparet proxy by unchecking the port 80 in the Sessions of WWW Proxy Server Properties.

Today I noticed that some users that have Firefox installed can access any webpage. The authentication window doesn't appear and the WWW Proxy Server policies don't work.

Could you help me with this huge problem ??

Thanks,
Gabriel

[adrien]

Hi

Are the Firefox users browsing through the proxy, or just going through NAT? If you turned off interception, then any client machine can bypass the proxy, and therefore bypass WWW proxy policy.

Does that site not work through the proxy? What happens?

Regards

Adrien

[Alen]

Everything works fine, but I have a web site called "Conectividade Social" at http://cmt.caixa.gov.br that some users "must" access. To do that NAT must be enabled and I have to turn off transparet proxy by unchecking the port 80 in the Sessions of WWW Proxy Server Properties.

As I understand you were using NAT connection method with Transparent Proxy enabled. Here is your problem.

You should change your connection method to pure Proxy, plus grant to desired users only, right to use NAT (and restrict NATed access to ips / urls you need only). That will be a solution.

P.S.

a web site called "Conectividade Social" at http://cmt.caixa.gov.br that some users "must" access. To do that NAT must be enabled

If it is a website, then why should one have to access it via NAT? Just curious.

[suporteagro]

Hi,

Thanks for you support !!
Searching the forum about Firefox, I found a post telling to restrict NAT using policies. So I went to Extended Network Driver and found the "Users" group with "User may be unknown" checked. I changed it to "User must be authenticated" and the problem is solved.

Alen, the http://cmt.caixa.gov.br is a website used by companies to exchange employees information with the brasilian government. To access the site you have to use a digital certificate. If the port 80 interception is on, then the login fails with a message like "Fail to negotiate the keys".

A "script" of how to configure Wingate to work with this site can be found at Heniq Net website (http://home.heniq.net), which is a Qbik Partner in Brazil.

Talking about the port 80 interception I have one more question: Everytime I restart Wingate I have to manually stop port 80 interception. Is that behavior normal ?

Thanks,
Gabriel

[Nev]

Hi,

Talking about the port 80 interception I have one more question: Everytime I restart Wingate I have to manually stop port 80 interception. Is that behavior normal ? Thanks, Gabriel

Hi Gabriel,

No it isn't!

You could try to select the Port in the main dialogue, delete that and disable intercepts then reboot.