Internet Related/Filtering/Firewall Thread, Smoothwall content filter with bluesocket wireless in Technical; Just thinking about this if I go into transparent mode I will then loose all the groups that have been ...
12th November 2009, 10:12 AM #16
Just thinking about this if I go into transparent mode I will then loose all the groups that have been setup through AD authentication and then loose the filter groups that have been setup as these are based on AD group membership.
Effectively this will drop the whole back to just a single level, single filter policy proxy, am I thinking correctly on this?
12th November 2009, 10:12 AM #17
Now I remember why I hadn't set this up now
If you think it through, if the client thinks there is no proxy there (transparent) it isn't going to pass the auth to it. Hence, Smoothie thinks it's a stoopid setup and won't let you do it.
What the clever people at Smoothwall should do, is allow you to turn transparent proxy on for a particular port and assign a filetering policy to transparent traffic. Nudge nudge wink wink guys!
EDIT - Of course, you could just turn on the transparent proxy feature that the BlueSecure unit has... you'll find that in the role settings Oz
Last edited by Ric_; 12th November 2009 at 10:16 AM.
12th November 2009, 10:15 AM #18
I second that !
Hmm will have to stay with the way it is at the moment then and not allow web access via wireless.
Hmm me thinks I could possible allow a loopback via the bluesocket to our SSL VPN and get the students to logon to one of our Terminal Services boxes and get access that way, long winded yes but if they really need access I geuess they will use it.
12th November 2009, 10:17 AM #19
^^ You snook that post in during my edit
12th November 2009, 10:18 AM #20
looking at the bluesocket now, i think i did already try it on there and it would not work but let me give it a go.
12th November 2009, 10:22 AM #21
The problem with multiple authentication methods is that it's passed (AIUI anyway) from the guardian process to Squid, using whatever methods are available on squid.
Originally Posted by Ric_
Using multiple methods would need another instance of squid which may put too high a load on the system and would be quite complex to set up.
12th November 2009, 10:35 AM #22
Nope did not work.
Put BlueSocket into transparent mode on the guests role (the user I am using does go into theis role) and left the smoothie as it is, no go on the web.
12th November 2009, 10:53 AM #23
@ICTNUT: Did you tick the 'Perform transparent proxy request translation on the BSC.' box?
12th November 2009, 11:12 AM #24
Yes I did
Originally Posted by Ric_
12th November 2009, 11:14 AM #25
@ICTNUT: So is it simply not working or are you getting a denied page off of Smoothie? (If so, what does it say?)
12th November 2009, 11:28 AM #26
I have setup one of the laptops to use the proxy.pac that smoothie has and I now have a valid block page coming from the smoothie when trying to access msn.
I would expect this to happen as the smoothie does not know what the unit it so it places it into the unauthenticated IPs group.
This group by default has a global block on it as we have found that if you install chrome or firefox you could surf the web unfiltered
So my next challenge is to try and get filtering to work, but it looks like we maybe moving forward.
12th November 2009, 09:36 PM #27
Few quick updates:
Ric: you're correct - doing auth in transparent mode is impossible - for mere mortal beings. Of course we can do it (yes it is a nasty trick, and only works with ntlm so far)
Dave: you're right about the evils of squid and auth - thats why in FP5 (Summer '10) the all-new version of guardian will take over auth duty from squid, allowing all sorts of multi auth fun.
Of course you guys will all get these upgrades as standard.
you heard it here first
13th November 2009, 09:52 AM #28
ok so the proxy.pac file did not work after all, was just me being a little too eager
I guess there is no way to get this to work will have to reside to the fact that kids just can't surf the web via wireless.
By trekmad in forum Internet Related/Filtering/Firewall
Last Post: 15th March 2009, 07:53 AM
By netadmin in forum Wireless Networks
Last Post: 21st May 2008, 02:43 PM
By netadmin in forum *nix
Last Post: 30th May 2007, 08:12 AM
By tickmike in forum *nix
Last Post: 4th October 2006, 10:42 AM
Users Browsing this Thread
There are currently 1 users browsing this thread. (0 members and 1 guests)