search cancel

Bypassing authentication on the ProxySG based on the destination URL

book

Article ID: 165425

calendar_today

Updated On:

Products

Advanced Secure Gateway Software - ASG ProxySG Software - SGOS

Issue/Introduction

  • Bypassing authentication on the ProxySG based on the destination URL
  • How do I bypass proxy authentication based on the destination URL?
  • I am trying to obtain access to a remote webmail server and authentication is getting in the way.
  • How do I work around authentication so that it does not get in the way?

Resolution

There may be times when authentication does not work for a particular URL.  That remote URL may be a remote Microsoft Exchange server that is connected to a different domain controller.  Whatever the case may be, when authentication is enabled on the ProxySG, that site does not work correctly.  Here are the steps necessary in order to bypass authentication based on a destination URL.

  1. Open the Management Console on the ProxySG (https://<ip.address.of.proxysg>:8082/ )
  2. Click on the Configuration tab > Policy > Visual Policy Manager > Launch
  3. In the Web Authentication layer, add a new rule above the authentication rule that prompting for authentication.
  4. In the Destination column, right click and select Set... > New... > Request URL...
  5. The "Add Request URL Object" pop-up will appear.  You can do a simple match, regular expression match, or advanced match.  Generally, the simple match is sufficient.
  6. In the simple match URL, type in the URL where you want to bypass authentication then click on the Add and Close buttons.  In this example, we want to bypass authentication going to example.com.
  7. In the "Set Destination Object" box, you should see "Request URL: example.com".  Select the URL that was added and click on the OK button.
  8. In the Action column, right click and select Set... > Do Not Authenticate > Click on the OK button.  The rule should now read that any request for example.com will not be authenticated.  NOTE:  Depending on the version of SGOS you are running, you may see a "Do Not Authenticate (Forward Credentials)."  Depending on how your ProxySG behaves, you may need to use "Do Not Authenticate (Forward Credentials)" instead of the plain "Do Not Authenticate".
  9. Go to the Web Access layer.  Add a rule and place it below any deny rules that you have (rules that block objectionable material), but above the rule that has "Authenticated User" as the source and "Allow" as the action.  NOTE:  It may make sense to place the rule elsewhere in the list of policy rules.
  10. Select the same destination that you created in step 6 above, which in this example would be "Request URL: example.com".
  11. In the Action column, select "Allow".
  12. Click on the Install Policy button.
  13. Test and make sure the new rules work as expected.