Hi There,
I have a need to allow a group of users to access the internet in transparent proxy mode. I already have an ISA proxy using NTLM to authenticate users. Is it possible to "chain" CacheGuard with my ISA proxy so that CacheGuard authenticate against ISA as a single user and provides internet transparent access to those group of users?
Thanks
Mohamed
Configure CacheGuard as a child proxy
Re: Configure CacheGuard as a child proxy
Dear Mohamed
It's perfectly possible to chain CG with another Web proxy but the current version does not support the authentication to the remote proxy (as the chaining is initially designed to chain a CG with another CG and in this case the authentication is usually done at the first level proxy).
However on your ISA server you can disable the authentication for the external IP address of your CG (if possible) and configure your CG to use your ISA server as a next proxy. To do so use the following commands:
You can alternatively use the following Web GUI menu item: [GENERAL] > [Peer Appliances] > [Forwarding Next Peers]
Best Regards,
It's perfectly possible to chain CG with another Web proxy but the current version does not support the authentication to the remote proxy (as the chaining is initially designed to chain a CG with another CG and in this case the authentication is usually done at the first level proxy).
However on your ISA server you can disable the authentication for the external IP address of your CG (if possible) and configure your CG to use your ISA server as a next proxy. To do so use the following commands:
Code: Select all
peer next add <isa-server-ip> <isa-server-web-proxy-port>
apply
Best Regards,
Re: Configure CacheGuard as a child proxy
Hi David,
Thank you for the help. I applied it and it work fine for me.
Another question. Will the CacheGuard be able to forward HTTPS requests from clients in Transparent Mode?
Thanks again for your help.
Mohamed
Thank you for the help. I applied it and it work fine for me.
Another question. Will the CacheGuard be able to forward HTTPS requests from clients in Transparent Mode?
Thanks again for your help.
Mohamed
Re: Configure CacheGuard as a child proxy
Hi
I'm happy to hear that.
In response to your question regarding the transparent interception of HTTPS requests, CG v1.1.5 can't do that because the nature of the HTTPS. To be able to transparently intercept HTTPS traffic you should break and rebuild the SSL which is considered as a MiM (Man in the Middle) attack.
However the future version of CG (NG-1.2.0) integrates an SSL mediation mode which is able to inspect and cache HTTPS traffic (useful for https://youtube.com for instance). The SSL mediation will also be possible in transparent mode. FYI we are on the edge to release that new version.
Best Regards,
I'm happy to hear that.
In response to your question regarding the transparent interception of HTTPS requests, CG v1.1.5 can't do that because the nature of the HTTPS. To be able to transparently intercept HTTPS traffic you should break and rebuild the SSL which is considered as a MiM (Man in the Middle) attack.
However the future version of CG (NG-1.2.0) integrates an SSL mediation mode which is able to inspect and cache HTTPS traffic (useful for https://youtube.com for instance). The SSL mediation will also be possible in transparent mode. FYI we are on the edge to release that new version.
Best Regards,