WinGate Forums

[aperia]

How do I allow requests for IP ranges through the proxy? I understand how to allow individual IPs through via the access rules, but I have about 20 subnets which need to be allowed and don't see an option to allow ranges. Thanks.

[jasona]

What version of WinGate are you running? There is a check box that allows you to 'specify range' on the access rules 'where' tab.

I am running WinGate 7.2.2

[aperia]

I am running the latest version: 7.2.2.3416. That is a range of source IPs that you are referring to. I already have a subnet range I've set for my internal users to connect from, but they need to be able to get out to the network to multiple ranges of IPs on many different subnets.

I.E., I need 192.168.10.x/24 (all source IPs) to be able to get from their machines to 192.168.20.x/24, 192.168.30.x/24, 192.168.40.x/24, etc. The only way to do this would be to add 252 individual IPs from each subnet, I guess?

[adrien]

Hi

how are these client machines using WinGate to connect to the other computers?

E.g. are they being NATed, or just routed to the other networks?

It may be possible to solve this with just routing (route table entries).

Regards

Adrien

[aperia]

The client machines will be using the proxy to call websites on the subnets. Not all sites have DNS addresses on our local network, so it's easier to just call the IP for the website. So, additional to using the proxy to call, say, google.com they also need to be able to call http://192.168.3.x (let's say 100 different IP addresses on that subnet) as well as a few more on different subnets.

I can add http://192.168.3.4 to the proxy whitelist, but what if i need to add 192.168.3.4 through 192.168.3.125? Do I have to add 124 exceptions? I'd rather be able to add a range like the proxy allows me to do for client hosts.

[adrien]

Hi

I see the problem, it's not the entire subnet?

You'd be able to use flow-chart policy. Is there maybe some other way you can lock it down, or distinguish between allowed and non-allowed destinations.

Regards

Adrien

[aperia]

Actually, yes, instead of relying on Wingate I created a domain policy with all the needed subnets as exceptions like 192.168.3.* and that seems to work. I think if Wingate could do this or had a more straightforward approach it would be optimal just so there is a single point for whitelist/exceptions.

Just in case anyone needs to do this in the future, the policy is: User Configuration -> Policies -> Windows Settings -> Internet Explorer Maintenance -> Connection -> Proxy Settings. Under Exceptions add any subnets needed with an asterisk and semi-colon separating them: 192.168.1.*;192.168.2.*;192.168.3.*