EFW Support

Support => EFW SMTP, HTTP, SIP, FTP Proxy Support => Topic started by: gblanco on Tuesday 03 November 2009, 10:28:06 pm



Title: Endian 2.3 - Proxy authentication on Transparent mode?
Post by: gblanco on Tuesday 03 November 2009, 10:28:06 pm
Hi everybody.
I've an EFW 2.2 installation with many clients behind it. It is set up in transparent mode, which has been very suitable for our pourpose. Now there is the need to authenticate all users and I'd like to continue to use the transparent mode and avoid to re-configure all clients' browsers.
In EFW 2.3 seems that the mode (transparent/non transparent) is not strictly related to authentication, so I could think that a kind of authentication could be possible even in transparent mode. Does anybody know something about this?  ???

Thanks in advance


Title: Re: Endian 2.3 - Proxy authentication on Transparent mode?
Post by: mrkroket on Wednesday 04 November 2009, 02:23:19 am
What I do is assing policies by MAC address. It is not exactly authentication, but it does the job in transparent.
As any computer is assigned to a specific user, I assume that MAC=user. This way you can fine tuning the proxy for content filter and outgoing policies by user.
The only issue on transparent proy is the HTTPS. It isn't filtered or blocked to non-authorized users, so to reduce the problem I set some outgoing rules to only allow https traffic to specific users (by MAC). The rest of us (without web permits) are only allowed to some ip ranges (whitelist websites).


Yes, I know the MAC spoofing issue, but for now I think is good enough.


Title: Re: Endian 2.3 - Proxy authentication on Transparent mode?
Post by: gblanco on Wednesday 04 November 2009, 04:04:33 am
hi, mrkroket, and thank you for your answer.

The transparent mode has been useful first of all for the fast setup of a new machine in the network: it only needs an IP address and is ready to go on the Internet and to be controlled by the content filtering and other control agents of the proxy.
Unfortunately, there is a new need: all users must also be authenticated and their identity must be logged. A user can move from a pc to another and still be able to surf using his own password. Other unauthorized users must be blocked even if they use the pc that was first used by an authorized user.
For these reasons I think that we need the "clasical" authentication type (i.e. username / pwd). The support for the transparent mode should be ideal in order to manage all computers without need of reconfigurating anything.
I hope this is possible in this or in a future release...


Title: Re: Endian 2.3 - Proxy authentication on Transparent mode?
Post by: mrkroket on Wednesday 04 November 2009, 04:29:48 am
It's a bit of a contradiction. If you use transparent it really means transparent. What you need is something similar to captive portal. EFW community doesn't have it, only commercial one :(.

 If you are in a Windows environment with Active Directory, you can tune the proxy via group policies. Only one change on one place.
Other than that I have no idea.