cancel
Showing results for 
Search instead for 
Did you mean: 
mmulligan03
Level 7

Proxy pass through for internal domains

We have a few internal web apps that we are trying to access through a domain name that is internal only to our company.  We added a DNS entry for our sites which works but because web gatewat can't verify the domain name we can't add it to the white list. Is there another way to add a domain name so when web gateway sees it, it allows it through?

Any help on this would be appreciated.

0 Kudos
12 Replies
ittech
Level 13

Proxy pass through for internal domains

What about whitelisting an IP Address or IP Range?

0 Kudos
DBO
Level 9

Proxy pass through for internal domains

Why not exclude it in the PAC file?

0 Kudos
jont717
Level 12

Proxy pass through for internal domains

I don't understand why it cannot verify the domain name. 

Use the tools under Troubleshoooting to do ping from the gateway.

If you cannot ping hostname, then you need to add your domain to the etc/resolv.conf file.   You need to tell it where to search.

Something like this:

search openna.com

nameserver 208.164.186.1

nameserver 208.164.186.2

0 Kudos
mmulligan03
Level 7

Proxy pass through for internal domains

The reason it cannot verify the domain is because it is an internal domain only and we dont want to add DNS entry for the outside world to see.  The entry for resolve.conf that is on the web gateway server correct? 

0 Kudos
jont717
Level 12

Proxy pass through for internal domains

The resolv.conf is for internal lookups.    You need to have your internal DNS servers listed here and tell it where to seach for internal hostnames that are entered into Internet Explorer.

Use PuTTY to SSH in and edit the file.  Do not put it between the ### BEGIN ..... ### END   or is will be erased when you restart the Web Gateway.

0 Kudos
cestrada
Level 7

Re: Proxy pass through for internal domains

For internal domains to be bypassed isnt this done via GUI.   Through the GUI arent you suppose to place the domain name onlynot internal DNS ?  Also arent you suppose to place the domain name between the ### BEGIN ..... ### END

At least this is what I've been told by UK McAfee..is this incorrect what i have setup right now ?????e.g. ...............

### BEGIN AUTOGENERATED CONFIG

search mydomain.net

search  anothelocaldomian.net

### END AUTOGENERATED CONFIG

Message was edited by: cestrada on 4/20/11 1:31:36 PM CDT
0 Kudos
eelsasser
Level 15

Re: Proxy pass through for internal domains

You should not put anything between the ### BEGIN and ### END tags. Everything between will get overritten.

Look at the /etc/resolv.conf file itself after you make a change and you should see the data gets erased.

0 Kudos
cestrada
Level 7

Re: Proxy pass through for internal domains

OK I strongly disagree that this gets overwritten upon reboot.  We have 6 Webgateways all of which have the setting and they never get wiped upon reboot.  I just restarted one of my dev webgateways and they are not overwritten.   Is this a flaw or a bug? Also is this how it should be setup then ...or should it be internal DNS servers not domain servers.

search mydomain.net

search  anothelocaldomian.net

### BEGIN AUTOGENERATED CONFIG

### END AUTOGENERATED CONFIG

0 Kudos
jont717
Level 12

Re: Proxy pass through for internal domains

This is how it should be set up.

domain company.domain.com

search company.domain.com anotherlocaldomain.com andonotherdomain.com

### BEGIN AUTOGENERATED CONFIG

nameserver 172.16.xxx.xxx

nameserver 172.16.xxx.xxx

### END AUTOGENERATED CONFIG

The info between the ### BEGIN AUTOGENERATED CONFIG and ### END AUTOGENERATED CONFIG is put there by the gateway on its own.  If you put your own stuff there, it will be deleted when you reboot.  That is where your DNS servers will be put.

"search"  > you can put up to three different domains in one line.  Just seperate them with spaces.  You do not need two "search" statements.

0 Kudos