1 2 Previous Next 12 Replies Latest reply on Aug 19, 2011 11:18 AM by juancdiaz

    Proxy pass through for internal domains

      We have a few internal web apps that we are trying to access through a domain name that is internal only to our company.  We added a DNS entry for our sites which works but because web gatewat can't verify the domain name we can't add it to the white list. Is there another way to add a domain name so when web gateway sees it, it allows it through?

       

      Any help on this would be appreciated.

        • 1. Proxy pass through for internal domains
          ittech

          What about whitelisting an IP Address or IP Range?

          • 2. Proxy pass through for internal domains
            DBO

            Why not exclude it in the PAC file?

            • 3. Proxy pass through for internal domains
              jont717

              I don't understand why it cannot verify the domain name. 

               

              Use the tools under Troubleshoooting to do ping from the gateway.

               

              If you cannot ping hostname, then you need to add your domain to the etc/resolv.conf file.   You need to tell it where to search.

               

              Something like this:

               

              search openna.com

              nameserver 208.164.186.1

              nameserver 208.164.186.2

              • 4. Proxy pass through for internal domains

                The reason it cannot verify the domain is because it is an internal domain only and we dont want to add DNS entry for the outside world to see.  The entry for resolve.conf that is on the web gateway server correct? 

                • 5. Proxy pass through for internal domains
                  jont717

                  The resolv.conf is for internal lookups.    You need to have your internal DNS servers listed here and tell it where to seach for internal hostnames that are entered into Internet Explorer.

                   

                  Use PuTTY to SSH in and edit the file.  Do not put it between the ### BEGIN ..... ### END   or is will be erased when you restart the Web Gateway.

                  • 6. Re: Proxy pass through for internal domains
                    cestrada

                    For internal domains to be bypassed isnt this done via GUI.   Through the GUI arent you suppose to place the domain name onlynot internal DNS ?  Also arent you suppose to place the domain name between the ### BEGIN ..... ### END

                     

                    At least this is what I've been told by UK McAfee..is this incorrect what i have setup right now ?????e.g. ...............

                     

                    ### BEGIN AUTOGENERATED CONFIG

                    search mydomain.net

                    search  anothelocaldomian.net

                    ### END AUTOGENERATED CONFIG

                     

                    Message was edited by: cestrada on 4/20/11 1:31:36 PM CDT
                    • 7. Re: Proxy pass through for internal domains

                      You should not put anything between the ### BEGIN and ### END tags. Everything between will get overritten.

                      Look at the /etc/resolv.conf file itself after you make a change and you should see the data gets erased.

                      • 8. Re: Proxy pass through for internal domains
                        cestrada

                        OK I strongly disagree that this gets overwritten upon reboot.  We have 6 Webgateways all of which have the setting and they never get wiped upon reboot.  I just restarted one of my dev webgateways and they are not overwritten.   Is this a flaw or a bug? Also is this how it should be setup then ...or should it be internal DNS servers not domain servers.

                         

                         

                         

                        search mydomain.net

                        search  anothelocaldomian.net

                        ### BEGIN AUTOGENERATED CONFIG

                        ### END AUTOGENERATED CONFIG

                        • 9. Re: Proxy pass through for internal domains
                          jont717

                          This is how it should be set up.

                           

                          domain company.domain.com

                          search company.domain.com anotherlocaldomain.com andonotherdomain.com

                          ### BEGIN AUTOGENERATED CONFIG

                          nameserver 172.16.xxx.xxx

                          nameserver 172.16.xxx.xxx

                          ### END AUTOGENERATED CONFIG

                           

                          The info between the ### BEGIN AUTOGENERATED CONFIG and ### END AUTOGENERATED CONFIG is put there by the gateway on its own.  If you put your own stuff there, it will be deleted when you reboot.  That is where your DNS servers will be put.

                           

                          "search"  > you can put up to three different domains in one line.  Just seperate them with spaces.  You do not need two "search" statements.

                          1 2 Previous Next