cancel
Showing results for 
Search instead for 
Did you mean: 
HermanSchenk
Level 11

MWG 6.8.6 Web mapping with ISA 2006

Hi , How can I do  web mapping MWG acting as an ISA 2006 (EDGE)  upstream proxy  ? LAN > ISA EDGE >  MWG > INTERNET

It is possible?

Because always receiving Authorization failed from MWG

0 Kudos
6 Replies
McAfee Employee

Re: MWG 6.8.6 Web mapping with ISA 2006

Why using ISA at all? Seriously, what role is ISA playing in this setup? Is it firewall or just proxy?

Generally, you could use the auth server at MWG to authenticate in the proxy chain or use the ISA plugin from the extranet page to let ISA forward at least group or IP information to MWG.

thanks,

Michael

0 Kudos
HermanSchenk
Level 11

Re: MWG 6.8.6 Web mapping with ISA 2006

ISA is the first line proxy (firewall could not disabled) ,  my configuration rplace the second line ISA for a MGW , Don t want to use ICAP just HTTP Proxy  and I want to use web mapping.

0 Kudos
asabban
Level 17

Re: MWG 6.8.6 Web mapping with ISA 2006

Hi Herman,

as MIchael stated the ISA Plugin downloadable from the Extranet can act as an ICAP or as a "Chaining" Plugin. We do not want to use ICAP here but the Chaining mode, which adds Username and Groups looked up by the ISA Server into the traffic that is sent to Webwasher. On Webwasher you can use the User and Group information to perform a mapping, similar to Webwasher authenticating on its own.

You need to add a User/Group Mapping (Directly) and switch the "Extract User Information from" from "Standard-Meta ICAP Header" to "User-Defined Request Header", and fill in "X-Authenticated-User" or "X-Authenticated-Groups" depending on the Mapping you want to perform.

Finally put in a Generic Header Entry into all policies that removes these headers before sending them to the Internet.

This should suit your requirements.

Best,

Andre

0 Kudos
HermanSchenk
Level 11

Re: MWG 6.8.6 Web mapping with ISA 2006

Very useful, thanks you ! It is working but, using X-Autehnticated -Groups and X-Authenticated-User but in the access logs I can nt see  in %xusername field  the name of the user I only can see a minus symbol (-).

0 Kudos
HermanSchenk
Level 11

Re: MWG 6.8.6 Web mapping with ISA 2006

OK! working now! one question , If * means over defualt policy with auth user allow all ,  wich is the special character of *  to deniad access??

Thanks a lot MIchael and Andre!

0 Kudos
asabban
Level 17

Re: MWG 6.8.6 Web mapping with ISA 2006

Hi,

Were you able to havea look into the Log file issue? Is this working now?

Besides your second query I am not really sure if I do unterstand you here. Can you please give me a quick example? Then I will try to comment on that :-)

best,

Andre

0 Kudos