WinGate Forums

[dilok1983]

Hello,

Could you please help me with "Policy" in new WinGate server 7.

I do not understand how it works.....i have such problems:

1. I can't choose policy in that menu "Services\WWW Proxy Server\Properties\Events (when i try to add policy i choose it but it not added)"?
2. Do you have some information for manage menu "Policy"?
3. How meny Events need for work "WWW Proxy server"?

Please help me.

[Aaron Koolen-Bourke]

Hi there. Are you saying that if you click "Add" under ""Services\WWW Proxy Server\Properties\Events" that nothing happens? Is the button enabled at all?

Here is a set of picture to show you what you should be seeing.

servicesproperties.png (15.24 KiB) Viewed 7898 times

proxyrequest.png (19.16 KiB) Viewed 7898 times

Add.png (25.34 KiB) Viewed 7898 times

proxypolicyselect.png (23.85 KiB) Viewed 7898 times

policyshot.png (56.36 KiB) Viewed 7898 times

[dilok1983]

Hello Aaron

Thanks for your answer.

I attached short video.

You find a two video file

1. First video it's archive rar ( include exe file you will run and watch)
http://www.ex.ua/load/329173369658/31114292
2. second have *.uvf format (To view, please use the use special video player you can download it here http://www.uvsoftium.ru/download.php?file=1)
http://www.ex.ua/load/329173369658/31114315

What it could be? :(

[dilok1983]

I understand my mistake. :(

Can you tell me what minimum events i must use for working "WWW Proxy Server" for use Active Directory authentication. Thanks

[adrien]

Hi

there are 2 ways to get WinGate to require authentication.

The main complexity is because authentication is optional. It needs to be optional because some clients can't deal with it very well.

HTTP authentication works by the server or proxy challenging a client request (if auth is required for that request). At that point the client knows it needs to provide authentication credentials.

This can be done in WinGate in 2 ways, either using Web Access Control (WAC) rules, or the flow-chart policy.

For WAC, you just need to have a rule that requires knowledge of the user. This means the "who" tab must not be "Everybody", and the where, when and what must also match the request.

For flow-chart policy, there needs to be a decision made whether to challenge for auth or not, then if the decision is made to challenge, a result which is set to "Auth". This can be done in most WWW proxy events, but depending on the type of request, different events will be fired. The sequence of events for the WWW proxy are:

1. Client connects to proxy => fire the ClientConnect event
2. Client sends a request => fire the Request event

the request can be of 3 forms.
a) a normal proxy request for an upstream resource => fire the ProxyRequest event
b) a CONNECT request to make a tunnel through the proxy (e.g. for https, or other protocols) => fire the ConnectRequest event
c) a server-style request, where the client is treating the proxy like a server. This is used for things like reverse proxying, or when you use WinGate as a web server => fire the ServerRequest event

3. Request is completed => fire the RequestComplete event.

Steps 2 / 3 may happen a number of times for any particular connection.

4. Client or proxy disconnects => fire the ClientDisconnect event

The sample policies that ship with WinGate 7 have an auth policy, in the sample policy hooked to the WWW Proxy : Request event, there is an item that calls another policy which performs authentication. If you open this policy, you can see that there is a switch to turn it on or off (auth at all or not) which is controlled on the dashboard, or in the Data -> Global Data -> Boolean -> AuthRequired setting, and there is also a list of sites that don't require auth.

Adrien

[dilok1983]

Hello,
Sorry but i don't understand you. :(

Could you explain me step by step. I need to do next:

I have a domain controller and i want use NTLM Authorisation my users on Wingate 7

this is a video with my configuration: http://www.ex.ua/load/329173369658/31328133 download "conf.exe"

Can you help me. Thanks

[dilok1983]

Hello Adrien,

Please help me i really need to integrate WinGate in my company till 31.08.2012

Thanks.

[adrien]

Hi

which part(s) of what I wrote didn't you understand?

Using Web Access Control rules to do authentication is just a matter of

1. create a web control rule
2. make sure the "who" tab is not "everyone"
3. Make sure it's at the top of the rules

that will force auth for all requests for all people. that's usually not what you want though, which is why there are more options.

Adrien

[dilok1983]

Hello Adrien,

Did you see my video files about my configuration, what can you tell me about it?

I did all your advice but unfortunately nothing happened, can we call to each other and speak?

My time zone GMT+2

[dilok1983]

Hello Adrien,

You are don't answer on my question fully. (and same times i think that you are forget me :()

I ask you to help me with setup WinGate 7

I very ask you please help me with setup WinGate7 (i gave alot files video with my configuration WinGate 7 i was hoping you will understand my situation)

But i didn't get your answer and if i don't get a working solution from you i will refuse from using WinGate 7 (I have license WinGate for 100 users) becouse new version WinGate is wery hurd for using (old version is very clear) and i can't get normal technical support about my problem.

I ask you last time......

I have a simple task to create Authorisation by NTLM (Active Directory) for my users through a proxy server, how i can do it? (please answer my question step by step)
I use now a trial version WinGate.

[Aaron Koolen-Bourke]

Hi dilok.

I watched the video and it's all clear now as to the problem you are having. You have not assigned an event to the policy which means it will not actually be processed and will also not appear in the "Specify even processing" dialog.

Open up your policy and drag the "WWW Proxy Server: Proxy Request" event on the left hand side into the policy. Then connect that event into your other policy items as you have done already for the others. If you do that and go back to the "Specify event processing" dialog in the WWW Proxy Service properties you should see your policy appear there, assuming you have added it previously as you did in your video. This is what it should look like:

dilokfixed.png (59.27 KiB) Viewed 7778 times

You also should not need to have that Service Control item there to start the WWW Proxy unless you are expecting it to be turned off most of the time.

For future reference, Policies don't do anything until an event is placed inside them. This is because some policies can react to a number of different events and so you need to drop the correct one (or more) into the policy.

Let me know if this solves your problem or not.
Aaron

BTW: Here's a link to the online documentation relating to assigning events to policies. http://help.qbik.com/index.php?topic_id=268

[dilok1983]

Hello Aaron,

Thanks for your answer.

I understood the problem with asign "policy" to "events". Thanks

Have you looked another video file with my next problem (this is a video with my configuration: http://www.ex.ua/load/329173369658/31328133 download "conf.exe")

Please give me a answer step by step. Thanks

[Aaron Koolen-Bourke]

Hi dilok. Adrien has already answered the question about authentication. That should show you the steps to set up policy or Web Access rules to get clients to authenticate.

A simple example is to put in the event you want (Proxy Request, Connect Request etc) and link it to a User/Group Check policy item that checks to see if the user is a member of "Authenticated Users". In the"No" branch, set a policy result of "Auth"