WinGate Forums

[philzgr8]

I am thinking of using Wingate 7 in my home network and my initial thought is to install it on my Windows Home Server V1 Server (WHS) but I need some advice as to whether there are any traps with WHS and whether all of my requirements can be easily met.

Environment and network infrastructure:
At present I have a cable modem which connects to the internet running into a primary router. (Netgear WNDR3700 v1). This router handles DHCP and NAT as well as providing WLAN access. From that router I have connected a switch into which I have a second router (WNDR3700 v2) which has DHCP turned off and which effectively operates as a wireless access point and a switch at the other end of the house. It has NAT filtering set to "secured" whatever that means but I suspect it may be able to be switched off? From my primary switch I also have a number of machines including a Windows Home Server which allows remote access and also hosts a couple of other internet services (Blue Iris Security being the main one) and a Windows Media Centre PC which has some remote access via a product called Remote Potato. Access to services within the network is addressed by port redirection.

Requirements/Nice to haves:
1. Remote access to WHS and other internet services both on my WHS Server and on other machines inside the network. (Port Redirection?)
2. Support for my existing WLAN
3. Inability for clients to circumvent the rules applied within Wingate.
4. Bandwidth throttling by user, client ip, mac address, port or website.
5. Bandwidth usage monitoring by user, client ip, mac address, port or website.
6. Cached web proxy service.

Questions:
From what I can see, most if not all of what I want is achievable but I am only semi-technical in this area (although I set up my own network so I am not a total newb), and I need to understand what are my limitations. To aid th process I have a number of questions as follows:

1. Are there traps for installing Wingate on a Windows Home Server which may cause difficulty and if so, what are the traps and limitations?
2. Are there traps for running other internet accessible services both from the Wingate server and from client machines?
3. I would prefer that users do not have to log in but that is not a specific requirement provided that IOS devices will be supported.
4. I need to be able to limit certain types of activity either by denying access to certain ports and or websites by user/ip etc. How will this best be achieved?
5. In order to manage bandwidth and access control, I need to be able to monitor usage by user, port and or internet address. How is this best achieved?
6. Will I need to add a second NIC to my Wingate server to isolate the internet connection or will Wingate ensure that users cannot access it without some form of authentication?
7. In my home, there are 4 x Windows PC's which connect via ethernet and one via WLAN. There is also one Apple Mac which connects wirelessly and up to 8 mobile devices connecting via WLAN. What licensing option would be recommended in this scenario.

Understand that I am aware that the specifics of how to achieve much of this will probably be available via the help website or elsewhere so I am not really expecting specific answers to all of my questions but more an indication of how difficult it might prove to achieve my requirement. I'm fairly sure that some of my requirements might be limited by the specific configuration and client authentication method I choose and I would like to have a clearer understanding of those limitations before I commit to purchasing. Any assistance, including links to relevant help articles or other resources would be very much appreciated.
Cheers,

Phil

[adrien]

Hi

1. traps. Not that I'm aware of. Things to watch out for would be port conflicts between WinGate and other windows services, such as IIS (web publishing) and DNS servers. WinGate's web proxy can run on another port no problem though, and it will alert you about port conflicts and the process that is conflicting.

2. if you install the WinGate Network driver, then running other internet apps on the WinGate server will require you to enable the ports in the firewall settings. Some services like FTP servers would require opening a range of ports. Running services on other machines would require port forwarding, but it's not clear to me if WinGate will be the only way from your LAN to your cable modem or not.

3. logging in is optional - in that access to whatever sites can be forced to auth or not depending on your requirements. iOS clients generally have no problem actually authenticating to a web proxy though, but make sure they are running 5.1.1, since earlier versions were buggy in this area.

4. I'd recommend taking a look at the web access control policy video on our youtube channel http://www.youtube.com/user/qbiknzltd/. You can allow or ban sites per user / IP / time of day. Flow chart policy is still more flexible.

5. Bandwidth rules in WinGate are per IP:port, so don't necessarily map 1:1 to user.

6. WinGate will work fine with only 1 NIC, although it may be easier to do bandwidth control with 2. As for enforcing auth, that's a configuration thing - depends on how you set it up. Since auth is optional. What sort of access are you envisaging here? E.g. if it's web proxy access, you can do that, but WinGate won't enforce auth for file share access etc, since that's done by windows.

7. WinGate licensing is done by concurrent user. I'd recommend a trial, you can see how many licenses were used. If you're also serving hosts on the internet, they will consume a license count each as well.

In summary, I'd recommend a trial. You should be able to ensure it will do everything you want before any purchase decision, and our support desk is open to trial users.

Regards

Adrien

[philzgr8]

Thanks for the response. I actually finished up downloading and installing a trial but I decided that putting it on my Windows Home Server was a little too problematic. As I understand it, there is an issue with WHS updating its external IP address with the WHS domains server to allow remote access. (This works a little like dynamic DNS and requires regular updating.)

In the end, after about 7 or 8 hours of playing with it I decided that at this stage it's just too complex for me to get my head around. So many things wouldn't work or required configuration beyond my understanding of the software or networking protocols etc. and I felt like it could take me days to get it working properly. I especially had trouble re-configuring my routers to operate as a WAP's and while I'm sure with more research I could get there, I decided that the downtime on my network to get it sorted was too great a price to pay. (Especially with a daughter whinging in my ear about it.)

Of course all of that is not to say I won't come back to it at some stage but clearly it needs way more research and with a network setup that is a little more complex than most home users I suspect that there will be some major challenges in terms of learning.
Cheers,

Phil