A friend's business has a hardware firewall at the moment, and is interested in replacing it with an Astaro if we can demonstrate how the Web Filtering might be able to block and report by user ID, integrating with Active Directory.
So currently, I have a Virtual Appliance version of the ASG installed using only one interface. Each client is configured with the hardware firewall as the gateway, and then the ASG as a proxy server, configured per PC in the browser.
We have the ASG successfully seeing logins, blocking sites, reporting on usage, etc. Everything works fine, except that this company does a lot of work on banking sites, and of course that uses HTTPS. All of the bank sites (or any public site that has a https:// URL) is prompting the user that the site may be unsafe.
In doing my research, I thought I understood that importing the Web Proxy certificate from the ASG into the client machine's certificate store would resolve this problem, but it has not. So either I have some configured wrong, or I'm not correct about how this should work. A couple of other online application that rely on SSL are also failing completely, I assume because they don't prompt the user about the certificate and just fail.
Bottom line, how do I set up the ASG to proxy all Internet outbound requests, still use the hardware firewall as the gateway, and enable HTTPS to work as expected?
Thanks
So currently, I have a Virtual Appliance version of the ASG installed using only one interface. Each client is configured with the hardware firewall as the gateway, and then the ASG as a proxy server, configured per PC in the browser.
We have the ASG successfully seeing logins, blocking sites, reporting on usage, etc. Everything works fine, except that this company does a lot of work on banking sites, and of course that uses HTTPS. All of the bank sites (or any public site that has a https:// URL) is prompting the user that the site may be unsafe.
In doing my research, I thought I understood that importing the Web Proxy certificate from the ASG into the client machine's certificate store would resolve this problem, but it has not. So either I have some configured wrong, or I'm not correct about how this should work. A couple of other online application that rely on SSL are also failing completely, I assume because they don't prompt the user about the certificate and just fail.
Bottom line, how do I set up the ASG to proxy all Internet outbound requests, still use the hardware firewall as the gateway, and enable HTTPS to work as expected?
Thanks