WinGate Forums

[udara]

HI
My question is does wingate see NAT traffic of clients? (In accounting->Byets sent to client ) or just proxy traffic?
Thanks

[neil]

Well this is a bit doubled edged. Yes the accounting mechanism within WinGate does see NAT traffic, but unless you have policies etc set up all of this traffic goes under 'Guest'. If you already have existing policies set up for the proxies and don't want to set them up again for NAT, you could just turn on TR's in each proxy service, and re-direct the traffic that way to capture all for accounting purposes.

Regards

Neil

[udara]

Running Wingate 5.2.3, Proxy and NAT servises running.
Users authenticate through proxy java client.
The problem is , users must be authenticated using their username and password only to use proxy, when they use ICQ or any program which connects through NAT wingate accepts them without any username and password.

So any compurter on LAN can connect to Internet. Not only the ones I have given username ans passwoeds.

Anyway to stop this?
thanks

[neil]

Well ther are a number of things you could do. You could assume users via IP, and make all users of NAT be assumed. Or you could just make all users of NAT authenticate using the www java login, and just keep that open and then minimised, while they want to perform any internet activity. If you want to block all icq traffic though for example, you could block the port icq uses to connect (5190) in the Port Security options in the ENS properties (LAN Conenctions to the internet).

Regards

Neil

[udara]

Thanks for the reply but, I think you didnt get me.
You said:
Or you could just make all users of NAT authenticate using the www java login...
I have already done that. All users authenticate using the www java login, but NAT works for everyone.!
To connect to Internet through Proxy they must user their username and password (www java login), but they can connet through NAT without entering username and password.

It cant be stoped? If so what is the use of www java login???
When NAT comes no control at all for ICQ, MSN etc
I dont want to stop my users from using ICQ,MSN etc. What I want is that the NAT also work for them only if they enter their username and passwod in www java login.
hope you can understand me.
Thanks

[neil]

Correct. So in ENS properties create a policy whereby all users (Everybody) MUST be authenticated, then nobody will be able to use NAT unless they have previously authenticated via the java login, and still have the java login still connected.

Regards

Neil

[udara]

in NAT policies I have to add any users. it is now ->

Default rights (system policies): [color=red]may be used instead [/color]

What do I have to do? do I have to add all users here and change
Default rights (system policies): to are ignored or must be also granted ?
can you please explain me in details
Thanks

[neil]

In Extended Networking properties, go to the Policies tab. In the drop down list at the top make sure that 'Users can access this service' is selected. Down the bottom where it says 'Default Rights (system policies)' change this setting to 'Are Ignored'. Now click the Add button. Under the Recipent tab, make sure the radio bottom is selecting the 'Everyone' option, then in the bottom half of the screen change the other radio button to 'User must be authenticated'. Now 'OK' your way out back to the main GateKeeper screen and click the 'Save' button.

Regards

Neil

[udara]

I will try
Thanks