Configure CacheGuard as a child proxy

Discuss and get help configuring CacheGuard to protect Web end-users
andalosy
Posts: 2
Joined: 24 Mar 2016 17:01

Configure CacheGuard as a child proxy

Postby andalosy » 24 Mar 2016 17:12

Hi There,

I have a need to allow a group of users to access the internet in transparent proxy mode. I already have an ISA proxy using NTLM to authenticate users. Is it possible to "chain" CacheGuard with my ISA proxy so that CacheGuard authenticate against ISA as a single user and provides internet transparent access to those group of users?

Thanks
Mohamed

User avatar
david
Posts: 93
Joined: 08 Aug 2015 20:38

Re: Configure CacheGuard as a child proxy

Postby david » 24 Mar 2016 20:04

Dear Mohamed

It's perfectly possible to chain CG with another Web proxy but the current version does not support the authentication to the remote proxy (as the chaining is initially designed to chain a CG with another CG and in this case the authentication is usually done at the first level proxy).

However on your ISA server you can disable the authentication for the external IP address of your CG (if possible) and configure your CG to use your ISA server as a next proxy. To do so use the following commands:

Code: Select all

peer next add <isa-server-ip> <isa-server-web-proxy-port>
apply

You can alternatively use the following Web GUI menu item: [GENERAL] > [Peer Appliances] > [Forwarding Next Peers]

Best Regards,
David Jan
CacheGuard Technical Team
http://www.cacheguard.com

andalosy
Posts: 2
Joined: 24 Mar 2016 17:01

Re: Configure CacheGuard as a child proxy

Postby andalosy » 03 Apr 2016 13:42

Hi David,

Thank you for the help. I applied it and it work fine for me.

Another question. Will the CacheGuard be able to forward HTTPS requests from clients in Transparent Mode?
Thanks again for your help.

Mohamed

User avatar
david
Posts: 93
Joined: 08 Aug 2015 20:38

Re: Configure CacheGuard as a child proxy

Postby david » 03 Apr 2016 14:23

Hi

I'm happy to hear that.

In response to your question regarding the transparent interception of HTTPS requests, CG v1.1.5 can't do that because the nature of the HTTPS. To be able to transparently intercept HTTPS traffic you should break and rebuild the SSL which is considered as a MiM (Man in the Middle) attack.

However the future version of CG (NG-1.2.0) integrates an SSL mediation mode which is able to inspect and cache HTTPS traffic (useful for https://youtube.com for instance). The SSL mediation will also be possible in transparent mode. FYI we are on the edge to release that new version.

Best Regards,
David Jan
CacheGuard Technical Team
http://www.cacheguard.com


Return to “Configure CacheGuard in frowarding mode”

Who is online

Users browsing this forum: No registered users and 1 guest