cancel
turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
switch2411
switch2411
Level 7
‎09-30-2013 12:58 AM

Redirect Port 80 to Webgateway

Hello,

We use a McAfee Webgateway Appliance in the DMZ and a Checkpoint Firewall.

We want to redirect Port 80 and 443 (and maybe another Ports) from the Clients to the MGW in the DMZ   -> Benefit: no Browsersetting for Proxy is required for the Clients

The MGW is in the Active Directory, the Authentication works with LDAP (with a LDAP User). 

Our Problem is, the automatic Authentication is not working, when we redirect the Ports (always prompted for username/password - if it is filled in - it´s working)

any ideas ??

Thx

0 Kudos
Reply
1 Reply
sroering
sroering
Level 13
‎10-02-2013 06:49 AM

Re: Redirect Port 80 to Webgateway

Please see this article, in particular the section on Transparent Modes.

https://community.mcafee.com/docs/DOC-4384

Basically you fell into the "admin trap" of believing that you can avoid modifying the clients and still get authentication to work without prompts.  When you use a transparent method, the client machines do not know they are going through a proxy, so you cannot use proxy authentication.  For "promptless authentication" to work, you need to use NTLM or Kerberos, but the browser will only send credentials for trusted sites.  When the web gateway prompts the browser for authentication, the client thinks the remote site (cnn.com, facebook.com, mcafee.com, etc.) is asking for their domain credentials.  Obviously you wouldn't want that to work.

0 Kudos
Reply