1 Reply Latest reply on Dec 14, 2011 1:49 AM by asabban

    Proxy and WCCP with Transparent NTLM Authentication

      We are in the process of upgrading from Web Gateway 6.X to Web Gateway 7. As an organization we have the following requirements:

      1. Log all traffic based on username
      2. Block Pornography and Nudity
      3. Allow everything else
      4. Device needs to be as transparent as possible to end users.

       

      We have a virtual appliance set up as a Proxy with WCCP in a test environment. My questions are as follows:

      1. How do we achieve transparent authentication using Active Directory? We are trying NTLM; however, lookups are not being cached. Also, it seems that users are authenticating with each request, rather than authenticating with the first request for a period of 5 minutes. We have implemented the ruleset located at: https://community.mcafee.com/thread/29947
      2. We do not want to use SSL Scanning or Anti-Virus/Malware scanning. Would disabling the rule sets work? Would there be any adverse effects in doing so, such as having "Set Client Context with CA" disabled?

       

      Thank You

        • 1. Re: Proxy and WCCP with Transparent NTLM Authentication
          asabban

          Hello,

           

          In regard to the transparent authentication, I took a quick look into the thread and it looks like what you need. Can you let us know how you identified that each request is authenticated? This would allow us to better understand.

           

          You can turn off SSL Scanning and Gateway AntiMalware for sure. I think you may want to keep a "Set Client Context with CA" somewhere in the beginning of your rule set. Otherwise you will not be able to see block pages if Web Gateway decides to block something based on HTTPS. Additionally, you may want to make sure that "Transparent Common Name Handling" and "Serve Transparent SSL Connections" are set to true.

           

          This will allow MWG to also get URLs from HTTPS requests in transparent modes. You need the "Set Client Context with CA" Event to give MWG a CA to sign blocked requests with. If you access https://www.blockedsite.com and do not have that Event enabled before, MWG will respond with a plain-text block page. Browsers do not like that very much and give very funny error messages, such as "Proxy refused the connection" or other error messages.

           

          Best,

          Andre