Author Topic: Endian 2.3 - Proxy authentication on Transparent mode?  (Read 14697 times)
gblanco (Jr. Member, Posts: 2)
« on: Tuesday 03 November 2009, 10:28:06 pm »

Hi everybody.
I've an EFW 2.2 installation with many clients behind it. It is set up in transparent mode, which has been very suitable for our purpose. Now there is the need to authenticate all users and I'd like to continue to use the transparent mode and avoid reconfiguring all clients' browsers.
In EFW 2.3 it seems that the mode (transparent/non transparent) is not strictly related to authentication, so I could think that a kind of authentication could be possible even in transparent mode. Does anybody know something about this?

Thanks in advance
mrkroket (Hero Member, Posts: 495)
« Reply #1 on: Wednesday 04 November 2009, 02:23:19 am »

What I do is assign policies by MAC address. It is not exactly authentication, but it does the job in transparent.
As any computer is assigned to a specific user, I assume that MAC=user. This way you can fine-tune the proxy for content filter and outgoing policies by user.
The only issue on transparent proxy is the HTTPS. It isn't filtered or blocked to non-authorized users, so to reduce the problem I set some outgoing rules to only allow https traffic to specific users (by MAC). The rest of us (without web permits) are only allowed to some ip ranges (whitelist websites).

Yes, I know the MAC spoofing issue, but for now I think it is good enough.
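
The MAC=user approach in the reply above holds only while each policy MAC belongs to exactly one machine. The following added example (not part of the thread and not Endian's code) audits that assumption over ARP-table snapshots: it flags a policy MAC seen on several IPs in one snapshot and any MAC with no policy entry. The `POLICY` table, the `epoch ip mac` line format and all sample values are constructed assumptions.

```python
from collections import defaultdict

# Hypothetical policy table: MAC address (lowercase) -> assigned user.
POLICY = {
    "00:11:22:33:44:01": "alice",
    "00:11:22:33:44:02": "bob",
}

# Constructed sample: "epoch_seconds ip mac", one line per ARP-table entry
# per snapshot. This is an assumed format, not an Endian log format.
SAMPLE = """\
1257300000 192.168.0.10 00:11:22:33:44:01
1257300000 192.168.0.11 00:11:22:33:44:02
1257300600 192.168.0.10 00:11:22:33:44:01
1257300600 192.168.0.11 00:11:22:33:44:02
1257300600 192.168.0.57 00:11:22:33:44:02
1257301200 192.168.0.99 00:AA:BB:CC:DD:EE
"""


def parse(text):
    """Yield (timestamp, ip, mac) from well-formed lines; skip the rest."""
    for line in text.splitlines():
        parts = line.split()
        if len(parts) == 3 and parts[0].isdigit():
            yield int(parts[0]), parts[1], parts[2].lower()


def audit(text, policy):
    """Return sorted findings as (kind, mac, timestamp, ips) tuples."""
    seen = defaultdict(set)  # (timestamp, mac) -> IPs using that MAC
    for ts, ip, mac in parse(text):
        seen[(ts, mac)].add(ip)
    findings = []
    for (ts, mac), ips in seen.items():
        if mac not in policy:
            # No policy entry: this machine is not tied to any user.
            findings.append(("unknown-mac", mac, ts, tuple(sorted(ips))))
        elif len(ips) > 1:
            # One policy MAC on several IPs in one snapshot: MAC=user is
            # ambiguous here (cloned MAC or a multi-homed host).
            findings.append(("duplicate-mac", mac, ts, tuple(sorted(ips))))
    return sorted(findings)


if __name__ == "__main__":
    for kind, mac, ts, ips in audit(SAMPLE, POLICY):
        print(f"{ts} {kind} {mac} owner={POLICY.get(mac, '?')} ips={','.join(ips)}")
```

A `duplicate-mac` finding does not prove spoofing; it marks the point where per-MAC proxy logs can no longer be attributed to a single user.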
gblanco (Jr. Member, Posts: 2)
« Reply #2 on: Wednesday 04 November 2009, 04:04:33 am »

Hi, mrkroket, and thank you for your answer.

The transparent mode has been useful first of all for the fast setup of a new machine in the network: it only needs an IP address and is ready to go on the Internet and to be controlled by the content filtering and other control agents of the proxy.
Unfortunately, there is a new need: all users must also be authenticated and their identity must be logged. A user can move from one PC to another and still be able to surf using his own password. Other unauthorized users must be blocked even if they use the PC that was first used by an authorized user.
For these reasons I think that we need the "classical" authentication type (i.e. username / pwd). The support for the transparent mode should be ideal in order to manage all computers without needing to reconfigure anything.
I hope this is possible in this or in a future release...
mrkroket (Hero Member, Posts: 495)
« Reply #3 on: Wednesday 04 November 2009, 04:29:48 am »

It's a bit of a contradiction. If you use transparent it really means transparent. What you need is something similar to a captive portal. EFW community doesn't have it, only the commercial one.

If you are in a Windows environment with Active Directory, you can tune the proxy via group policies. Only one change in one place.
Other than that I have no idea.