cancel
Showing results for 
Search instead for 
Did you mean: 
ittech
Level 13

MWG7 requiring authentication for outside connections

We went live for a bit today and ran into a problem with the MWG7. It was requiring authentication from users that were trying to connect to OWA and an site in which customers can use to pay their bills. Do I just need to add those IPs to a whitelist or is there something else I'm missing?

0 Kudos
5 Replies
salanis
Level 10

Re: MWG7 requiring authentication for outside connections

If you're enforcing authentication then you would normally want to exclude the URLs from authentication but customers find it more convenient to continue logging users making the request and exclude the User-Agent header from having to authenticate.

To be a little more explicit, you need to white list User-Agents from authentication hence many desktop applications such as java, media players, etc... cannot handle intergrated authentication.

You could run a network capture whilst replicating the issue and check which request is being denied due to failing to authenticate, ofcourse if this is the reason.

on 1/5/11 3:48:51 PM CST
0 Kudos
ittech
Level 13

Re: MWG7 requiring authentication for outside connections

I think I have to let the URLs through. I'm using the MWG7 as a Transparent Bridge with Authentication Server settings.

0 Kudos
salanis
Level 10

Re: MWG7 requiring authentication for outside connections

I still think a network connection or a connection tracing under Configuration > Troubleshooting will help you determine the issue.

0 Kudos
ittech
Level 13

Re: MWG7 requiring authentication for outside connections

I'm going to add the IPs to a whitelist and we're going to try again later today. We're still going to do a tcpdump, so we'll try to figure it out.
0 Kudos
ittech
Level 13

Re: MWG7 requiring authentication for outside connections

Fixed this problem by doing a Stop Cycle for some external exceptions since our MWG7 in in-line with all incoming and outgoing traffic. Imagine that! Also, had to fix a CNAME error in DNS. Big thanks to Jon Scholton!

0 Kudos