+ Post New Thread
Page 2 of 2 FirstFirst 12
Results 16 to 28 of 28
Internet Related/Filtering/Firewall Thread, Smoothwall content filter with bluesocket wireless in Technical; Just thinking about this if I go into transparent mode I will then loose all the groups that have been ...
  1. #16
    ICTNUT's Avatar
    Join Date
    Jul 2005
    Location
    Hereford
    Posts
    1,419
    Thank Post
    196
    Thanked 249 Times in 122 Posts
    Rep Power
    62
    Just thinking about this if I go into transparent mode I will then loose all the groups that have been setup through AD authentication and then loose the filter groups that have been setup as these are based on AD group membership.

    Effectively this will drop the whole back to just a single level, single filter policy proxy, am I thinking correctly on this?

  2. #17

    Ric_'s Avatar
    Join Date
    Jun 2005
    Location
    London
    Posts
    7,592
    Thank Post
    109
    Thanked 769 Times in 598 Posts
    Rep Power
    181
    Now I remember why I hadn't set this up now

    If you think it through, if the client thinks there is no proxy there (transparent) it isn't going to pass the auth to it. Hence, Smoothie thinks it's a stoopid setup and won't let you do it.

    What the clever people at Smoothwall should do, is allow you to turn transparent proxy on for a particular port and assign a filetering policy to transparent traffic. Nudge nudge wink wink guys!

    EDIT - Of course, you could just turn on the transparent proxy feature that the BlueSecure unit has... you'll find that in the role settings Oz
    Last edited by Ric_; 12th November 2009 at 10:16 AM.

  3. #18
    ICTNUT's Avatar
    Join Date
    Jul 2005
    Location
    Hereford
    Posts
    1,419
    Thank Post
    196
    Thanked 249 Times in 122 Posts
    Rep Power
    62
    I second that !

    Hmm will have to stay with the way it is at the moment then and not allow web access via wireless.

    Hmm me thinks I could possible allow a loopback via the bluesocket to our SSL VPN and get the students to logon to one of our Terminal Services boxes and get access that way, long winded yes but if they really need access I geuess they will use it.

  4. #19

    Ric_'s Avatar
    Join Date
    Jun 2005
    Location
    London
    Posts
    7,592
    Thank Post
    109
    Thanked 769 Times in 598 Posts
    Rep Power
    181
    ^^ You snook that post in during my edit

  5. #20
    ICTNUT's Avatar
    Join Date
    Jul 2005
    Location
    Hereford
    Posts
    1,419
    Thank Post
    196
    Thanked 249 Times in 122 Posts
    Rep Power
    62
    looking at the bluesocket now, i think i did already try it on there and it would not work but let me give it a go.

  6. #21
    DMcCoy's Avatar
    Join Date
    Oct 2005
    Location
    Isle of Wight
    Posts
    3,470
    Thank Post
    10
    Thanked 497 Times in 437 Posts
    Rep Power
    113
    Quote Originally Posted by Ric_ View Post
    Now I remember why I hadn't set this up now

    If you think it through, if the client thinks there is no proxy there (transparent) it isn't going to pass the auth to it. Hence, Smoothie thinks it's a stoopid setup and won't let you do it.

    What the clever people at Smoothwall should do, is allow you to turn transparent proxy on for a particular port and assign a filetering policy to transparent traffic. Nudge nudge wink wink guys!

    EDIT - Of course, you could just turn on the transparent proxy feature that the BlueSecure unit has... you'll find that in the role settings Oz
    The problem with multiple authentication methods is that it's passed (AIUI anyway) from the guardian process to Squid, using whatever methods are available on squid.

    Using multiple methods would need another instance of squid which may put too high a load on the system and would be quite complex to set up.

  7. #22
    ICTNUT's Avatar
    Join Date
    Jul 2005
    Location
    Hereford
    Posts
    1,419
    Thank Post
    196
    Thanked 249 Times in 122 Posts
    Rep Power
    62
    Nope did not work.

    Put BlueSocket into transparent mode on the guests role (the user I am using does go into theis role) and left the smoothie as it is, no go on the web.

  8. #23

    Ric_'s Avatar
    Join Date
    Jun 2005
    Location
    London
    Posts
    7,592
    Thank Post
    109
    Thanked 769 Times in 598 Posts
    Rep Power
    181
    @ICTNUT: Did you tick the 'Perform transparent proxy request translation on the BSC.' box?

  9. #24
    ICTNUT's Avatar
    Join Date
    Jul 2005
    Location
    Hereford
    Posts
    1,419
    Thank Post
    196
    Thanked 249 Times in 122 Posts
    Rep Power
    62
    Quote Originally Posted by Ric_ View Post
    @ICTNUT: Did you tick the 'Perform transparent proxy request translation on the BSC.' box?
    Yes I did

  10. #25

    Ric_'s Avatar
    Join Date
    Jun 2005
    Location
    London
    Posts
    7,592
    Thank Post
    109
    Thanked 769 Times in 598 Posts
    Rep Power
    181
    @ICTNUT: So is it simply not working or are you getting a denied page off of Smoothie? (If so, what does it say?)

  11. #26
    ICTNUT's Avatar
    Join Date
    Jul 2005
    Location
    Hereford
    Posts
    1,419
    Thank Post
    196
    Thanked 249 Times in 122 Posts
    Rep Power
    62
    Right update:

    I have setup one of the laptops to use the proxy.pac that smoothie has and I now have a valid block page coming from the smoothie when trying to access msn.

    I would expect this to happen as the smoothie does not know what the unit it so it places it into the unauthenticated IPs group.

    This group by default has a global block on it as we have found that if you install chrome or firefox you could surf the web unfiltered

    So my next challenge is to try and get filtering to work, but it looks like we maybe moving forward.

  12. #27


    tom_newton's Avatar
    Join Date
    Sep 2006
    Location
    Leeds
    Posts
    4,475
    Thank Post
    867
    Thanked 850 Times in 672 Posts
    Rep Power
    196
    Few quick updates:
    Ric: you're correct - doing auth in transparent mode is impossible - for mere mortal beings. Of course we can do it (yes it is a nasty trick, and only works with ntlm so far)

    Dave: you're right about the evils of squid and auth - thats why in FP5 (Summer '10) the all-new version of guardian will take over auth duty from squid, allowing all sorts of multi auth fun.

    Of course you guys will all get these upgrades as standard.
    you heard it here first

  13. #28
    ICTNUT's Avatar
    Join Date
    Jul 2005
    Location
    Hereford
    Posts
    1,419
    Thank Post
    196
    Thanked 249 Times in 122 Posts
    Rep Power
    62
    ok so the proxy.pac file did not work after all, was just me being a little too eager

    I guess there is no way to get this to work will have to reside to the fact that kids just can't surf the web via wireless.

SHARE:
+ Post New Thread
Page 2 of 2 FirstFirst 12

Similar Threads

  1. Smoothwall Web Content Filter Problem
    By trekmad in forum Internet Related/Filtering/Firewall
    Replies: 8
    Last Post: 15th March 2009, 07:53 AM
  2. Advice needed on content filter setup
    By netadmin in forum Wireless Networks
    Replies: 5
    Last Post: 21st May 2008, 02:43 PM
  3. VMWare internet content filter server
    By netadmin in forum *nix
    Replies: 3
    Last Post: 30th May 2007, 08:12 AM
  4. Replies: 13
    Last Post: 4th October 2006, 10:42 AM

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •