Hi there is a very similar post on this discussion forum already but it doesn't answer how I would go about configuring our requirement.
I have previously implemented a WG7 device to be used with a default policy for internet browsing using AD authentication.
I have a requirement to build a WG7 transparent proxy to provide a user with access to the internet via a default policy where authentication is not required.
Below is a really crude drawing of what I am hoping to achieve. I really need to know whether the WG7 is capable of my requirement without getting a router to do Policy based routing.
The client PC in the diagram below will need to browse the internet using 80/443 traffic but may also generate VPN or other traffic on different ports. Is it possible for all traffic to route to the WG7 and then it handle the 80/443 traffic and apply its policy for web browsing and then with any other traffic it acts as the router and forwards it onto the firewall.
I think I need to configure WG7 in Proxy and WCCP mode? I presume I set WCCP router definition as 192.168.1.1 which the WLAN controller will have as its gateway. If this is the case then I guess that I set the ports to be redirected as 80 & 443. I then set a proxy listener address as 192.168.1.2 and a listener port as 9090 setting the L2 rewrite to local nic which is the 192168.1.2 address which I assign to a second nic?
Is this correct?
I think it would be an alternative idea to put the MWG into transparent bridge mode, and put it between WLAN Controller and Firewall. In transparent bridge mode MWG will intercept all requests to port 80/443 for filtering, while all other packets will just be forwarded. Since we act in bridge mode, there is no need for configuration changes on other network devices. MWG basically works like a smart cable in this case 🙂
Download the new ePolicy Orchestrator (ePO) Support Center Extension which simplifies ePO management and provides support resources directly in the console. Learn more about ePO Support Center