1 2 Previous Next 13 Replies Latest reply on Apr 1, 2014 2:26 PM by Jon Scholten

    Placing Web Gateways 7.x in a distributed environment causes authentication nightmares.

    whitead

      So We currently have a farm of about 14 old 6.x webgateways on old hardware and are replacing with 8 new MWG 7.x applainces. However we currently do Transparent proxy. But we have new requirements goign forward to authenticat users. But more than anything they want to just be able to track users and run reports on what they are doing.

       

      We have roughly 40,000 users, over about 10-12 domains and networks that do share one common network pipe out to the internet which is were we place our current webgateways. But placing the new ones here and  doign authentication for all 10 networks/domains has become a huge undertaking. Some networks will more controlled than others so explicit proxy works but for most it wont work. but tansparent autnetication using authenication server would be extremely chatty for 40000 users and isn't true autneitcation using a session.

       

      So we had thought about settign up VM or hardware Web Gateways at the local network pipe that feeds into the main network to do just URL filtering, authentiction and tracking of users. Then at a enterprise level having a bank of MWG's to do more enterprise security of AV and Spam and over all blocks if that makes sense? Its kinda distrubuted but runs traffic through MWG's twice. not even sure this woul dbe feasible.

       

       

      Has anyone else ran into issues were ahving all the wbe gateways centrally located has caused a great deal of issues to do authentication?

       

      Any suggestion, questions or comments would be appreciated.

        1 2 Previous Next