Do you recognize a good idea when you see one? We want to hear from you!
Header Image

I suggest you ...

Reverse Proxy: Authentication Offloading like TMG

will there be a feature like Authentication / captive portal (e.g. the proxy settings"transparent with authentication" ) for enabling a reverse proxy?
This would be so usfull for small installations with no frontend exchange / DMZ.
(juniper calls this "webauth" )

322 votes
Vote
Sign in
Check!
(thinking…)
Reset
or sign in with
  • facebook
  • google
    Password icon
    I agree to the terms of service
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    Thomas BeerThomas Beer shared this idea  ·   ·  Flag idea as inappropriate…  ·  Admin →
    Klaus CremerKlaus Cremer shared a merged idea: Implement pre authentication and authentication delegation in Reverse Proxy  ·   · 
    Thomas WestersThomas Westers shared a merged idea: Form based authentication for Web Application  ·   · 
    Christian BahnChristian Bahn shared a merged idea: Authentication against AD for access to WEB server  ·   · 

    22 comments

    Sign in
    Check!
    (thinking…)
    Reset
    or sign in with
    • facebook
    • google
      Password icon
      I agree to the terms of service
      Signed in as (Sign out)
      Submitting...
      • MarkDMarkD commented  ·   ·  Flag as inappropriate

        Unfortunately the UTM 9.2 only has the option for Basic Authentication to the Real webserver. You really need to support Kerberos and even Kerberos Constrained Delegation to accomodate a wide range of Microsoft Implementations.

      • AnonymousAnonymous commented  ·   ·  Flag as inappropriate

        2-factor Forms based auth would be nice - ie. AD creds & radius lookup for RSA token (the citrix access gateway can do this)

      • jbakels@baisi.comjbakels@baisi.com commented  ·   ·  Flag as inappropriate

        I too would like to see forms based authentication on the UTM. It would be nice to have users authenticated before entering the network for sites like SharePoint.

      • Aaron BugalAaron Bugal commented  ·   ·  Flag as inappropriate

        Given the demise of ISA and TMG; many organisations are using Forms Based Authentication over SSL provided by the TMG to the world. Once a user is authenticated to a backend (typically AD), an SSO action is performed against the Exchange Client Access Service; presenting au authenticated Outlook Web Access session.

        Currently, with the Sophos WAF, we simply publish the CAS; however, the issue is that in some cases SSL certificates are NOT used, as the TMG only requires SSL from external and then internally requests OWA content via HTTP.
        As such, our current implementation requires those customers to configure the IIS server sustaining the OWA/CAS system with an SSL certificate that is publically verifiable.

      • Tim BauerTim Bauer commented  ·   ·  Flag as inappropriate

        Would love to see this! If you implement a working solution, which will publish a captive portal using ldap for auth and redirects the credentials directly to the Outlook Web Access (standardauth), you could be the only real alternative for microsofts TMG. There is no solution out there, which handles the owa auth that well.... we have many customers asking for this.

      • EddyEddy commented  ·   ·  Flag as inappropriate

        I woud love to see this feature to be implemented ASAP.
        I hope the next version will have it.

      • Ludovic PenyLudovic Peny commented  ·   ·  Flag as inappropriate

        This feature can also be a good workaround for HTTP resources we would like to publish in the HTML5 portal but that are limited to 1 user (and we don't want to define x times the same resource).

      • netman_71netman_71 commented  ·   ·  Flag as inappropriate

        hi together,

        this feauture is very important, we have many requests for searching a tmg alternative especially owa publishing and controll access for different user groups.
        how many votes needed to force this request ?

        thx
        hans

      • Martin HerbertMartin Herbert commented  ·   ·  Flag as inappropriate

        Please as soon as possible!! That would be a great feature for the ReverseProxy. Citrix calls it AccessGateway..

      • Anonymous commented  ·   ·  Flag as inappropriate

        hi Gert (@ Astaro), any further progress on this. We are planning to implement a web based CRM/ERP I would like to protect in addition... thx

      • MattMatt commented  ·   ·  Flag as inappropriate

        I 2nd this, I would love to expose a few internal web sites to my users OUTSIDE of my network. Having AD Authentication for the Web Application module would be perfect. Our old Novell iChain had this feature, it was very nice.

      • Scott KlassenScott Klassen commented  ·   ·  Flag as inappropriate

        Do you mean WebAdmin? This already exists. You can set access to admin by user or groups, which can be setup as linked to backend (AD) accounts or groups.

      • maxhqmaxhq commented  ·   ·  Flag as inappropriate

        An authentication portal is the only missing feature that keeps us from offering OWA via Internet... It would be a great thing!

      • rf from shlrf from shl commented  ·   ·  Flag as inappropriate

        For an easier implementation of Outlook Web Access (OWA) it is a must!
        We' ve got actual 3 costumers, who needs this feature .

      • Anonymous commented  ·   ·  Flag as inappropriate

        The new reverse proxy feature is great to protect public webservers. To really protect company-insides (OWA, CRM,..) a captive portal with a dedicated authentication (backend e.g. LDAP, SSO, AAA (RSA)...) is a must. Without this, ISA servers and oder similar products would still be required.

      ← Previous 1

      Feedback and Knowledge Base