Configure CacheGuard as a child proxy

Discuss and get help to configue CacheGuard to protect internet users
Post Reply
andalosy
Posts: 2
Joined: 24 Mar 2016 17:01

Configure CacheGuard as a child proxy

Post by andalosy »

Hi There,

I have a need to allow a group of users to access the internet in transparent proxy mode. I already have an ISA proxy using NTLM to authenticate users. Is it possible to "chain" CacheGuard with my ISA proxy so that CacheGuard authenticate against ISA as a single user and provides internet transparent access to those group of users?

Thanks
Mohamed
User avatar
david
Posts: 163
Joined: 08 Aug 2015 20:38

Re: Configure CacheGuard as a child proxy

Post by david »

Dear Mohamed

It's perfectly possible to chain CG with another Web proxy but the current version does not support the authentication to the remote proxy (as the chaining is initially designed to chain a CG with another CG and in this case the authentication is usually done at the first level proxy).

However on your ISA server you can disable the authentication for the external IP address of your CG (if possible) and configure your CG to use your ISA server as a next proxy. To do so use the following commands:

Code: Select all

peer next add <isa-server-ip> <isa-server-web-proxy-port>
apply
You can alternatively use the following Web GUI menu item: [GENERAL] > [Peer Appliances] > [Forwarding Next Peers]

Best Regards,
David Janeway
CacheGuard Technical Team
https://www.cacheguard.com
andalosy
Posts: 2
Joined: 24 Mar 2016 17:01

Re: Configure CacheGuard as a child proxy

Post by andalosy »

Hi David,

Thank you for the help. I applied it and it work fine for me.

Another question. Will the CacheGuard be able to forward HTTPS requests from clients in Transparent Mode?
Thanks again for your help.

Mohamed
User avatar
david
Posts: 163
Joined: 08 Aug 2015 20:38

Re: Configure CacheGuard as a child proxy

Post by david »

Hi

I'm happy to hear that.

In response to your question regarding the transparent interception of HTTPS requests, CG v1.1.5 can't do that because the nature of the HTTPS. To be able to transparently intercept HTTPS traffic you should break and rebuild the SSL which is considered as a MiM (Man in the Middle) attack.

However the future version of CG (NG-1.2.0) integrates an SSL mediation mode which is able to inspect and cache HTTPS traffic (useful for https://youtube.com for instance). The SSL mediation will also be possible in transparent mode. FYI we are on the edge to release that new version.

Best Regards,
David Janeway
CacheGuard Technical Team
https://www.cacheguard.com
Post Reply