03-26-2008 06:34 AM
Hi,
Does anyone have this kind of setup?
Existing proxy is squid, MAC was used to filter users with internet connections.
No domain controller on the client side and has a dhcp environment.
Any tips?
Capt. Winters
03-26-2008 04:13 PM
Captain Winters,
Currently the WSA does not provide any filtering based on MAC addresses. All policies utilize IPs or authenticated usernames / groups. I do not believe MAC policies are on the road map, but I can file this as an enhancement request if it is something you desire.
Since you are using DHCP, I would typically recommend using authentication and building policies based on user / group. You state that you have no DC on the client side though.
If there is a DC near by, it can be used for authentication. Or if you have an LDAP server, that would suffice as well.
Hope this information helps.
03-27-2008 10:35 AM
Hi Josh,
Thanks for your reply.
They filter web access by manually defining the mac addresses of the clients on their current proxy (SQUID).
I will setup my ironport as downstream proxy which will point to the upstream proxy which is the SQUID.
Is there any configuration write ups on this one?
I already configured the ironport to have an UPSTREAM proxy which is the ip address of the SQUID proxy : port number.
As per manual, there are two options on the UPSTREAM , transparent and forward mode...which do i use and how do i configure the IRONPORT.
Would be highly appreciated...thank you.
capt. winters
03-27-2008 04:27 PM
Capt. Winters,
The WSA can can use the squid as both an explicit or transparent proxy. This will change how the WSA creates its own requests to fetch the objects.
With a transparent upstream proxy, there is nothing additional that needs to be done. The WSA will send it's requests to the configured default gateway.
With an explicit upstream proxy, you will need to enter your Squid's IP and port (typically 80 or 8080) to be used. The WSA will send requests directly to the Squid proxy, as opposed to the default gateway.
Both of these options are configured under the Network tab -> Upstream proxy.
The only real difference between not using an upstream proxy and using a transparent upstream proxy, is that with the latter the WSA will forward internal credentials upstream to the squid (if the squid is doing authentication).
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: