My organization recently acquired Web Gateway to replace and older solution. We currently have the Web Gateway in place with a few machines directly proxied to it for testing purposes only and are in the final stages of configuration. I may have some other questions going forward, but my main one right now is this: what is the best way to test the rules we've configured in WG against users that will be passing their web requests through the gateway to see if the rule sets apply properly? I would like to be able to do this by entering (somewhere) the user accounts name and an associated URL, and then, based what rule sets apply to that user, see if the site is blocked/allowed and for what reason. Is this possible?
I think you might want to check out rule tracing if you havent seen it before:
Rule tracing allows you to watch what happens when web traffic passes through the Web Gateway (MWG). You'll see each transaction sent by the browser, and how each transaction was handled by the rule engine. The rule trace will break down every fired/unfired rule so you can troubleshoot and understand how to adjust your rules to do what you want.
I'd suggest defining your tests and then validating them to see if they pass (i.e. is playboy blocked for x,y, but allowed for z; is cnn.com allowed for x, but not y,z).
This method would would work for the testing and roll out phase where users know to expect back and forth questions, but wouldn't work so well for continued support.
The only issue I is that this method is sort of reactive. It requires us to create the rule and, in order to test it, bother the end user and ask them to try and get to the URL/category/etc. that they requested so we can perform the trace. I'm looking for a somewhat more transparent testing method where I can determine the outcome of the rule set against a particular user without having to involve that user until we're sure it functions properly.