can the client reach the MWG? Can you ping the IP address of the interface the client is connected to? Can you share the network settings of the client as well?
Did i config correctly? i can ping internal interface and also external interface. In transparent router mode, do i must config default gateway on client point to internal interface or just config proxy setting in browsers that enough? Thanks Andre!
I cannot tell you what you have to configure, because I do not know what you would like to set up 🙂 In transparent router mode it should be enough to use MWG as the default route on the client, and you do not need to explicitly configure the proxys IP in the browser. If you want to configure it in the browser, there is maybe no need to use transparent mode, but you could run in explicit mode very well. So it really depends on how your network looks now and how it should look when MWG is in place,
If you can ping MWG from your browser you should be able to reach it. If you try browsing, is there an MWG error message showing up in the browser? Did you try to run any packet captures on MWG to see what is going on?
Have no errors in browsers from MWG. Because my customers using TMG (proxy mode) with 2 interface so i must config MWG transparent router mode that don't need change anything from client.
as explained it is hard to tell each setting without knowing the network and environment. Have you run any packet captures and verified that the traffic arrives at the MWG as expected when you try to browse?
I would recommend to file a ticket with support if a more in-depth analysis is required.
If you are using transparent router mode, my guess is that the router that MWG uses as its default gateway needs a static route back to the client's subnet.
Transparent router mode on MWG does not include NAT like TMG does, so traffic that gets to the edge router still retains the IP address of the original client. In order for responses to get back the client, the router needs to have a static route to hop it back through the MWG's external IP address.
Thanks All, because in customer's network client point default gateway to another firewall and use auto detect proxy to browser internet by dhcp server. So i want to deploy proxy mode that one internal interface (no default gateway) that client point proxy to and one external interface that go to internet. I think proxy maybe deploy easier. Is it possible?
Yes, that is possible.
However, I do not recommend putting an external interface directly to the internet. You should have the outgoing interface at least protected behind a firewall or in a DMZ. Otherwise, you will have to harden that external interface with network protection rules and binding the service to the inside interface only. That is not too hard to do, but it's easier if you have a firewall doing that work for you instead.
Hi All, my customer network use dhcp wpad.dat to autoconfig proxy on TMG so i also config MWG to using wpad.dat but have conflict (Infinite Proxy Loop) because they using port 80 path http://x.x.x.x:80/wpad.dat that MWG didn't work. They also don't want to change path because this just demo. Have you got any ideas for this situation? Thanks!
Hello Andre and others,
Can You help me with next issue:
My customer using TMG in Proxy mode. All users have on their browsers proxy configurations of TMG. And some users, as example accountants, working with some programs that cannot use browser's proxy settings. For solve this, TMG has a TMG Client that can use TMG in NAT mode.
And my customer want to change TMG to MWG. We deployed MWG in Proxy mode. And I don't know how to solve issue for accoutants.
Please, help me urgently!