Password Passthrough for Watchguard X550E WebBlocker

I'm trying to find a way to create a passthrough for certian users to gain access to blocked sites. The owner and marketing person would like to gain access to facebook.com so they can promote their business... however, it's on a blocked list on the WatchGuard X550E. Typically other firewalls bring you to the blocked page and has a link where you can enter a passthrough password.  I'm not getting that.  It comes up and says "request denied by watchguard http proxy - WebBlocker."  
Anyone have any idea how to create a link or something on that page so the owner can click it and enter a password which will allow him access to Facebook.com?

Thanks guys!!!
dnscompaniesAsked:
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

x
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

dpk_walCommented:
Two ways to accomplish what you wish:
1. If the machines are on static IP then create one more HTTP proxy service and configure as below:
    Enabled and Allowed; from specific-ip-address/range/subnet; to public-ip-of-website
   Please note if there are more than one website please enter all addresses; or enter URL and WG would do one time ns-lookup on them and add all the addresses. If the addresses change at a later point you would need to modify this service manually.
Another option here is to either grant them full access [using HTTP filter service instead] or disabling the specific category under webblocker categories [or adding webblocker exception] and not configuring the to part.
2. If the client are having dynamic IP address, then you can enable Java applet based authentication for them, where if they wish to access a restricted website or for complete access they would first need to log on to java applet, get authenticated and then browse internet. Depending on version of WG software they might need to relogin if the java applet is killed for any reason.
To configure java applet based authentication proceed as below:
In Policy manager, Setup->Authentication->Authorized User/Group; here create user/group with local [firewall] or any other auth server like [LDAP/AD/RADIUS/etc.].
Now in a new HTTP policy configure as below:
    Enabled and Allowed; from specific-user/group; to public-ip-of-website
Again, all other options like using filter HTTP or having exceptions, all apply to this case as well.

The users would need to go to following address to open java applet for authentication:
https://internal-ip-of-wg:4100 [or would be http based on WG software]

Please let know if you need more details.

Thank you.
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
dnscompaniesAuthor Commented:
Awesome dpk_wal, I'm going to try this tomorrow!
0
dnscompaniesAuthor Commented:
Thank you... sorry for being slow on this. My client has told me to hold off on performing hte actions so I let this question slack a little.  Sorry....
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Software Firewalls

From novice to tech pro — start learning today.