EFW Support

Support => EFW SMTP, HTTP, SIP, FTP Proxy Support => Topic started by: wildwestgoh on Friday 13 February 2009, 02:48:27 pm



Title: Endian HTTP proxy to work with Win2k3 AD
Post by: wildwestgoh on Friday 13 February 2009, 02:48:27 pm
Is there any detailed article on step by step configuration for the HTTP proxy to work with Windows 2003 Active Directory?

Or is there anyone who has experience with such a configuration?

Thank you in advance. ;)


Title: Re: Endian HTTP proxy to work with Win2k3 AD
Post by: npeterson on Saturday 14 February 2009, 04:30:22 am
It was pretty straightforward for me. Go to the proxy configuration page, set your interfaces to authentication required, set the allowed subnets. Save. Go to the Authentication page. Domain name is your AD domain name; put in your Active Directory server names for your primary and secondary in the PDC and BDC host names. Note that it's not the FQDN, just the hostname, like DC1 or DC2. Enter a user name and password that has directory administrator rights. As best I can tell, this is just to create the computer object for the system to authenticate to AD. Click Join Domain. After it has joined, return to the page and enter your domain name for the authentication realm, save. Set up rules under default policy. I set up 2, one for general users and 1 for admins that bypasses filters. Then finally go to the Group policies page, click add/remove group. Add the groups you want to proxy by, save. Then on the Group policies page again, select the rule set you want applied to the groups you just added, click save.


Title: Re: Endian HTTP proxy to work with Win2k3 AD
Post by: wildwestgoh on Tuesday 17 February 2009, 05:21:11 pm
Hi, thanks for the reply. Few more questions if you don't mind.

What I have: Endian Firewall Community release 2.1.2
What other information do you need?

1. I just realised there are 2 types of Endian available, the appliance and the community (free) edition. Is there any difference in configuration between those 2?
2. What's the authentication type for the one that you suggested? Is it LDAP? Or Windows?
3. Does anything have to be done to the Windows 2003 Active Directory to enable that option?

Will update this page when I can think of other questions.
It's quite frustrating when you don't have a *free* PC to test out those features. :(


Title: Re: Endian HTTP proxy to work with Win2k3 AD
Post by: npeterson on Wednesday 18 February 2009, 03:48:54 am
1 > I don't know, personally I run the community edition. That would be a question for the sales people. I know the appliance will have support from Endian though, and more features enabled. http://www.endian.com/en/community/comparison/
2 > Endian looks to configure Samba to query AD, so it would use Windows Kerberos authentication. Although you can set it to use LDAP or RADIUS authentication.
3 > Nothing. It will create a domain computer account to be able to authenticate users, and you will need groups set up to control access.


Title: Re: Endian HTTP proxy to work with Win2k3 AD
Post by: wildwestgoh on Monday 23 February 2009, 04:44:45 pm
After trying the first few steps, I was stuck at entering the PDC hostname.
It keeps giving me the error "Cannot resolve PDC hostname!". I have tried several methods like dcname01, dcname01.domain.com (this one gave "Invalid hostname for Primary Domain Controller").
I can ping the hostname, it gives positive replies, but I'm not sure how Endian queries the hostname itself.

And there's no Username and Password box for me to enter, and no "Join Domain" to click? How do I bring this up?
I was wondering if my version is correct or the Authentication method that I selected is wrong? (I'm selecting the Windows authentication method)
I'm using Endian Community 2.1.2

What's the "Authentication Realm Prompt"? Does it have to have something in it in order for the others to work?

Regarding "Authentication mode", what does this do? Is it related to AD or the clients?
It has the "Enable Windows integrated authentication" ticked.

Do you need the screenshot of my "Authentication method" page?


Title: Re: Endian HTTP proxy to work with Win2k3 AD
Post by: jesola on Monday 18 April 2011, 12:24:49 pm
The PDC hostname is the NETBIOS NAME. (FQ host name = server.domain.net --> NetBIOS name = server)
Read the manual. It is there.

The Proxy Realm, with AD, must be the FQDN. (domain.net)

Save and apply the changes.
After that, click on "join domain", put in user and pass (if you use domain\username it doesn't work, just username)

Good luck.


Title: Re: Endian HTTP proxy to work with Win2k3 AD
Post by: anhnnh on Saturday 03 September 2011, 10:46:20 pm
Thanks