?
Solved

Password Passthrough for Watchguard X550E WebBlocker

Posted on 2010-05-11
4
Medium Priority
?
1,203 Views
Last Modified: 2013-11-16
I'm trying to find a way to create a passthrough for certian users to gain access to blocked sites. The owner and marketing person would like to gain access to facebook.com so they can promote their business... however, it's on a blocked list on the WatchGuard X550E. Typically other firewalls bring you to the blocked page and has a link where you can enter a passthrough password.  I'm not getting that.  It comes up and says "request denied by watchguard http proxy - WebBlocker."  
Anyone have any idea how to create a link or something on that page so the owner can click it and enter a password which will allow him access to Facebook.com?

Thanks guys!!!
0
Comment
Question by:dnscompanies
  • 2
3 Comments
 
LVL 32

Accepted Solution

by:
dpk_wal earned 2000 total points
ID: 32702627
Two ways to accomplish what you wish:
1. If the machines are on static IP then create one more HTTP proxy service and configure as below:
    Enabled and Allowed; from specific-ip-address/range/subnet; to public-ip-of-website
   Please note if there are more than one website please enter all addresses; or enter URL and WG would do one time ns-lookup on them and add all the addresses. If the addresses change at a later point you would need to modify this service manually.
Another option here is to either grant them full access [using HTTP filter service instead] or disabling the specific category under webblocker categories [or adding webblocker exception] and not configuring the to part.
2. If the client are having dynamic IP address, then you can enable Java applet based authentication for them, where if they wish to access a restricted website or for complete access they would first need to log on to java applet, get authenticated and then browse internet. Depending on version of WG software they might need to relogin if the java applet is killed for any reason.
To configure java applet based authentication proceed as below:
In Policy manager, Setup->Authentication->Authorized User/Group; here create user/group with local [firewall] or any other auth server like [LDAP/AD/RADIUS/etc.].
Now in a new HTTP policy configure as below:
    Enabled and Allowed; from specific-user/group; to public-ip-of-website
Again, all other options like using filter HTTP or having exceptions, all apply to this case as well.

The users would need to go to following address to open java applet for authentication:
https://internal-ip-of-wg:4100 [or would be http based on WG software]

Please let know if you need more details.

Thank you.
0
 

Author Comment

by:dnscompanies
ID: 32777611
Awesome dpk_wal, I'm going to try this tomorrow!
0
 

Author Comment

by:dnscompanies
ID: 32981148
Thank you... sorry for being slow on this. My client has told me to hold off on performing hte actions so I let this question slack a little.  Sorry....
0

Featured Post

[Webinar] Cloud and Mobile-First Strategy

Maybe you’ve fully adopted the cloud since the beginning. Or maybe you started with on-prem resources but are pursuing a “cloud and mobile first” strategy. Getting to that end state has its challenges. Discover how to build out a 100% cloud and mobile IT strategy in this webinar.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

To setup a SonicWALL for policy based routing to be used with the Websense Content Gateway there are several steps that need to be completed. Below is a rough guide for accomplishing this. One thing of note is this guide is intended to assist in the…
The DROP (Spamhaus Don't Route Or Peer List) is a small list of IP address ranges that have been stolen or hijacked from their rightful owners. The DROP list is not a DNS based list.  It is designed to be downloaded as a file, with primary intention…
Exchange organizations may use the Journaling Agent of the Transport Service to archive messages going through Exchange. However, if the Transport Service is integrated with some email content management application (such as an anti-spam), the admin…
When cloud platforms entered the scene, users and companies jumped on board to take advantage of the many benefits, like the ability to work and connect with company information from various locations. What many didn't foresee was the increased risk…
Suggested Courses

850 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question