We are evaluating the Webgateway within our network, and we have the current setup and problem:
1- Gateway is connected using Transparent bridge, with one port connected to our Firewall and the second port into our internal network
(we need all the traffic to pass through the webgateway; if it is HTTP or HTTPS it will filter, if not it will route to the firewall as it is and our FW will decide what to do)
(we need to use transparent bridge because we don't want to set up a proxy inside any computer; we have many laptops, Macs, iPads, iPhones that are used inside and outside the company)
(we need also to authenticate all users who want to browse through our active directory)
2- problems that we are facing
A- Gateway communicating with Active Directory normally
B- User is getting the authentication page even if he is logged in to the domain already, which is not logical.
If he is logged in to the domain using his user/pw then he should not receive authentication again when browsing
C- Users not authenticated to the domain, like laptops, MacBooks, iPads etc., are getting the popup also, but it is not authenticating and not validating the user
D- We have many Webservers within our DMZ .. Our clients are receiving popup for authentication when accessing our websites (from outside the company)
We need to authenticate only users
What should we do to make this work?
What is missing within our setup?
If any more info is needed, I am ready.
If you are using LDAP, users will always get prompted. This is a given (regardless if the user is on the domain).
If you are using a transparent setup, with the authentication server, then the users need to trust the MWG in order to perform integrated authentication.
For more information, review my section on the authentication server (for transparent setups):
For the case of users in the DMZ, you should make sure that that traffic does not pass through the MWG.