One of my customers has just asked a question, but as my colleague (who deals both with this customer and WebGateway more than I do) is not immediately available I thought I'd ask the question here.
The customer is currently running an older appliance with Web Gateway 6.x running on it. A proposal is being put forward to replace the hardware and, in doing so, introduce this customer to version 7.
In his current v6 configuration he explains that he has a number of 'rules' configured which look out for specific URL reqests from users and when a URL is matched instead of sending the connection out via the default gateway it is sent to an explicit upstream proxy device (which is connected to a different network).
The question is simple; does this functionality still exist in version 7?
Yes, it's very easy to do.
Just create a rule that says if URL matches in list "listname"
Enable next-hop proxy event.
It will hop only for the URL that match.
I'm the colleague who deals with the customer, and the WebGateway product. I'm setting this up on-site and seem to have run into a bit of a problem... When I first implemented this it all seemed to work fine, but on closer investigation, it seems that it only works for plain HTTP URL's, all the HTTPS requests are not matching, and don't re-direct. Do I have to de-crypt for this to work? On the old Version 6 product both plain and encrypted sessions worked fine?
usually the URL should be part of the CONNECT request done with HTTPS and the properties should be fille the same way for HTTP and HTTPS. What do you see in the logs?
If you are running in transparent mode it may happen that MWG only sees the IP address of a request (can be seen in the access.log). Then a "URL = www.google.com" criteria won´t match.