Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations wOOdy-Soft on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

WatchGuard and Active Directory

Status
Not open for further replies.
dput

dput

IS-IT--Management
Jul 12, 2001
387
US
We currently use a WatchGuard X1000 as our firewall, but we also have a Microsoft ISA Server acting as a firewall proxy on the inside of our network. The ISA server does serve as a proxy server, but it's biggest use is to authenticate users using Active Directory. We only allow authenticated users out, we have some employees who have no Internet Access.

Can we do this authentication from the WatchGuard? I would like to simplify our network and we are having problems with people not being able to do some functions with this double firewall arrangement.

Dan
 
Sort by date Sort by votes
yes you can do this. you can intregrate the X-auth with HTTP access on watchguard. go to setup>>authentication server, chose the appropriate server and put the ip address of the server.
Hit the test button on the bottom of the same window. you should see all your users and groups listed there.

then you can use the outgoing field of the HTTP service to add the users who are allowed to go out.

YOU can also integrate webblocker with this by creating diffrent HTTP proxy services for doffrent groups and then adding then respectivly.
 
Upvote 0 Downvote
Unfortunately, the Watchguard authentication using AD seems to require the users to enter their user name and password when they go to the internet. The ISA server picks up the credentials from the workstation which is much friendlier to the user.

I will not be able to implement this with it working this way. I am hoping that Watchguard will improve this in the near future.

Thanks,

Dan
 
Upvote 0 Downvote
yeah...this is heard lots of times from people using watchguard that everyone will have to go to and then put in the uid and password info to get to the internet.

You being a watchguard customer can call 8772323531 and raise a feature request for this if you want...and that is free incident in your account.
 
Upvote 0 Downvote
I have already contacted them and asked for this to be added. We now need everyone else to do so. I understand that these types of things are prioritized by the quantity of requests.

Dan
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

Sameer258
  • Locked
  • Question
Need Help to Find ip and mac address with email who one open my email
Replies
0
Views
1K
Sameer258
Sameer258
ciscokid1984
  • Locked
  • Question
Watchguard RDP from external network
Replies
1
Views
335
hairlessupportmonkey
hairlessupportmonkey
Tommy_T
  • Locked
  • Question
Sonic wall - Have an issue remotely connectioning VNC and SMB (and AFP) to one of the 2 ISP circuits
Replies
1
Views
735
nnaarrnn
nnaarrnn
Nitta84
  • Locked
  • Question
navigation slow and tcp syc/ack drop
Replies
0
Views
570
Nitta84
Nitta84
TheFireman2
  • Locked
  • Question
Help with Watchguard Firebox M200 setup as a TMG 2010 replacement with ASA 5515 as main firewall
Replies
1
Views
321
hairlessupportmonkey
hairlessupportmonkey

Part and Inventory Search

Sponsor

Back
Top