Setting up UserGate: accounting for Internet traffic in the local network. Internet access using UserGate. UserGate 2.8: uniform distribution of the channel

Today we will talk about setting up a basic proxy server. Surely many of you have heard of a proxy but never really looked into what it is. In plain language, a proxy server is an intermediate link between the computers on the network and the Internet. This means that if such a server is deployed on the network, Internet access no longer goes directly through the router but is first processed by the intermediary station.

Why do you need a proxy server on a local network? What benefits do we get after installing it? The first important property is the ability to cache and store information from websites on the server for a long time. This significantly reduces the load on the Internet channel, which is especially relevant in organizations where access to the global network still goes over ADSL. For example, if students in a practical lesson are looking for the same kind of information on specific sites, then once the resource has been fully downloaded at one station, it loads much faster at the rest.

Also, with the introduction of a proxy server, the system administrator gets an effective tool for controlling user access to all websites. That is, if you notice that a certain someone spends his working time playing tanks or watching TV shows, you can cut off his access to these delights of life. Or you can toy with him, gradually lowering the connection speed ... or blocking only certain features, for example, downloading pictures after lunch. In general, there is plenty of room to maneuver. It is the sysadmin's control over the proxy server that makes his friends even kinder, and his enemies angrier.

In this article, we will take a closer look at installing and configuring the UserGate 2.8 proxy. This version of the program came out in May 2003. I didn't even have a computer back then. Nevertheless, it is this release of UserGate that is still considered the most successful thanks to its stability and ease of setup. Of course, the functionality is limited, and there is also a limit on the number of simultaneously working users. Their number should not exceed 300 people. Personally, this barrier does not sadden me much. If you administer a network with 300 machines, you certainly will not use such software. UG 2.8 is meant for small office and home networks.

Well, I think it's time to wrap up the ranting. Download UserGate from torrents or by this link, select a computer as your future proxy server and immediately proceed with the installation.

Installation and activation

Step 1. This application is one of the easiest to install. One gets the impression that we are not installing a proxy server, but picking our noses. Run the Setup.exe file and accept the agreement in the first window. We click "Next".

Step 2. Choose a location for installation. I'll probably leave it at the default. Click "Start" and wait for the installation process to complete.

Step 3. Voila. Installation completed. Don't forget to tick "Start installed application" and boldly click "OK".

Step 4. Damn! The 2003 program is not free. It needs a license. That's OK. There is a cure in the archive we downloaded. Open the "Crack" folder, where we find a single file, Serial.txt. Copy the license number and serial number from it. Just two lines. It's hard to get it wrong.

Step 5. In the lower right corner, on the panel with notification icons, double-click the blue UserGate icon and make sure that the program is installed and activated correctly.

Setting up a proxy server

Step 1. The first step is to make sure that our server has a static IP address. To do this, go to "Start - Control Panel - Network and Sharing Center - Change adapter settings" and right-click on the network card through which the local network is accessed. In the list that opens, select "Properties - Internet Protocol Version 4" and make sure that a fixed IP address is specified. This is the address we will set as the proxy on all client stations.

Step 2. We return to our program. In the "Settings" tab, find the "HTTP" protocol, specify the port (you can leave the default) and, along with the ability to work via FTP, allow its use. This setting lets users view web pages in a browser. It is not at all necessary to use the standard ports 8080 or 3128. You can come up with something of your own. This will significantly increase the level of network security; the main thing is to choose a number in the range from 1025 to 65535 and you will be happy.

Step 3. The next step is to enable caching. As we said earlier, this will significantly speed up the loading of the same resources on client stations. The longer the storage time and the larger the cache size, the greater the load on the proxy server's RAM. However, from the outside, pages will load faster in the browser than without the cache. I always set the retention time to 72 hours (equivalent to two days) and set the cache size to 2 gigabytes.

Step 4. It's time to move on to creating user groups. To do this, in the menu item of the same name, select the “Default” user group and click “Change”.

Rename the default group and click on the "Add" button.

It's time to create users. I usually enter the full network name of the computer in the "Name" field, which can be viewed in the system properties on the client machine. This is convenient if the network is small, and we have already decided that this program is not suitable for a serious network. We select the authorization type "By IP address" and enter the client's IP address as the login. We have already covered where to look it up. In small networks, old-school admins assign IP addresses manually on all machines and almost never change them.


Step 5. Now let's deal with the most interesting part, namely restricting users. Even in a small network, it is preferable to work with groups rather than with individual users. Therefore, we select the group we created and go to the "Work Schedule" tab. In it, we can choose the days and hours during which Internet access will be open for our group.

Scroll to the right and on the "Restrictions" tab, specify the speed of Internet access for a group of users. Click "Set restrictions for group users" and only then on the "Apply" button. Thus, we limited the access speed for each user from the Computer Class group to 300 kb/s. This is certainly not much, but it is quite enough for practical exercises.

Step 6. This should complete the basic setup, but I would like to say more about the “Filter” parameter. In this tab, you can restrict user access to certain sites. To do this, just add a link to the site to the list. However, I note that this setting does not work quite correctly. Many modern sites have already switched from the HTTP protocol to the more secure HTTPS, and a 2003 proxy server can't handle a beast like that. Therefore, it is not worth demanding high-quality content filtering from this version.
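Why URL filtering degrades once sites move to HTTPS, shown with general HTTP proxy behaviour: for plain HTTP a forward proxy sees the full URL, while for HTTPS it sees only a `CONNECT host:port` tunnel request. This is an added example, not UserGate code; the blocklist entries, the `video.example.test` host and the function names are constructed for illustration.

```python
from urllib.parse import urlsplit

# Constructed blocklist: one host-wide entry and one entry limited to a URL path.
BLOCKLIST = ["login.icq.com", "video.example.test/serials"]


def parse_proxy_request(request_line):
    """Return what a forward proxy can see in the first line of a client request."""
    method, target, _version = request_line.split(" ", 2)
    method = method.upper()
    if method == "CONNECT":
        # HTTPS through a proxy: the client only asks for a tunnel to host:port.
        host, sep, port = target.rpartition(":")
        if not sep or not port.isdigit():
            raise ValueError("CONNECT target must be host:port")
        return {"method": method, "host": host.lower(), "port": int(port), "path": None}
    # Plain HTTP through a proxy: the request line carries the absolute URL.
    parts = urlsplit(target)
    return {
        "method": method,
        "host": (parts.hostname or "").lower(),
        "port": parts.port or 80,
        "path": parts.path or "/",
    }


def host_matches(host, entry_host):
    """Exact host match, or any subdomain of the blocklisted host."""
    return host == entry_host or host.endswith("." + entry_host)


def filter_decision(request_line, blocklist=BLOCKLIST):
    """Return 'block', 'allow' or 'cannot-evaluate' for one request line."""
    req = parse_proxy_request(request_line)
    undecidable = False
    for entry in blocklist:
        entry_host, _, entry_path = entry.partition("/")
        if not host_matches(req["host"], entry_host.lower()):
            continue
        if not entry_path:
            return "block"            # host-wide entry: works for HTTP and CONNECT
        if req["path"] is None:
            undecidable = True        # path rule, but the path is inside the TLS tunnel
        elif req["path"].startswith("/" + entry_path):
            return "block"
    return "cannot-evaluate" if undecidable else "allow"


if __name__ == "__main__":
    # Constructed request lines, as a browser would send them to the proxy port.
    samples = [
        "GET http://video.example.test/serials/s01e01 HTTP/1.1",
        "GET http://video.example.test/news HTTP/1.1",
        "CONNECT video.example.test:443 HTTP/1.1",
        "CONNECT login.icq.com:443 HTTP/1.1",
    ]
    for line in samples:
        print(f"{filter_decision(line):16} {line}")
```

A filter list made of full links can therefore only be enforced per host for HTTPS traffic; anything finer needs the path, which the proxy never sees inside the tunnel.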

Step 7. And the final touch is saving all our settings in a separate file (just in case) and protecting the proxy server from prying hands. All this can be done in the "Advanced" section. Enter the password, then confirm it. Apply. And only now do we click the button to save the configuration. Specify the save location. That's it. Now, if something goes wrong or you decide to experiment with the settings, you have a backup copy ready.

Setting up client stations

Step 1. We have finished setting up the proxy server. We move on to the client station. First of all, you need to make sure that it has the IP address registered on our server. If you remember, during the configuration we specified that the client named Station01 has the address 192.168.0.3. Let's make sure of this.

Step 2. Next, you need to register the address of the proxy server and its port in the system. To do this, go to "Start - Control Panel - Internet Options (XP) or Browser (7) - Connections - Network Settings", enable the use of a proxy server, and set its address and port for the HTTP connection. Click "OK" in this and the previous window.

Step 3. Excellent. We are already at the finish line. Open the browser, and if you have configured everything correctly, the home page should open.

Here I want to clarify one more point. You can configure your computer so that only one browser works through the proxy, and not all at once. To do this, go to the tab "Tools - Settings - Advanced - Network - Configure" and select the manual setting to register the same IP address and port of the server.

Well, let's check the operation of the filters. Now let's try to go to one of them. As expected, the resource is blocked.

Traffic monitoring

But what happens on the server? Work is in full swing. In the tab with users, we can track how many megabytes were downloaded and transferred by our wards in a day, month, and even a year!

The "Connections" tab allows you to track which resource the client is currently visiting. Odnoklassniki? VKontakte? Or still busy with work?

If suddenly our user managed to close a curious site, it does not matter. You can always look at the history on the "Monitor" tab.

Conclusion

I think it's time to wrap up. Finally, I would like to say that the topic for this material was chosen for a reason. In my hometown, version 2.8 of UserGate works in most enterprises with a poorly developed network infrastructure. Perhaps today the situation has changed for the better, but in the middle of 2013, when I was running around the city servicing the Garant legal information system, everything was exactly like that. The Gate had simply taken over the networks of commercial and non-profit enterprises of all stripes. And given that the financial crisis hit a year later, I don't think any of them forked out for a decent proxy.

Despite its shortcomings, such as the lack of HTTPS, a crooked filter, the impossibility of intuitive torrent settings, etc., UserGate 2.8 will be remembered by all admins for a long time as the most stable and unpretentious version of a proxy server in history. New versions of the program boast the ability to authorize domain users, a firewall, NAT, high-quality content filtering and other goodies. However, you have to pay for all this pleasure. And pay a lot (54,600 rubles for 100 machines). This arrangement is not to the liking of freebie fans.

So I think it's time to say goodbye. Friends, I want to remind you that if the material was useful to you, then like it. And if this is your first time on our site, then subscribe. After all, regular, structured, free releases in the field of information technology are a rarity on the Runet. By the way, for freeloaders, I will soon make an issue about another proxy server, SmallProxy. This kid, despite being free, is no worse than UserGate and has proven itself perfectly. So subscribe and wait. See you in a week. Bye everyone!


Today, the Internet is not only a means of communication or a way of spending leisure time, but also a working tool. Searching for information, participating in auctions, working with clients and partners all require company employees to be present on the Web. Most computers used both for personal purposes and in the interests of the organization have Windows operating systems installed. Naturally, all of them are equipped with mechanisms for providing access to the Internet. Starting with Windows 98 Second Edition, Internet Connection Sharing (ICS) is built into Windows operating systems as a standard feature, which provides group access from a local network to the Internet. Later, Windows 2000 Server introduced the Routing and Remote Access Service and implemented support for the NAT protocol.

But ICS has its drawbacks. For example, this function changes the address of the network adapter, and this can cause problems on the local network. Therefore, it is preferable to use ICS only in home or small office networks. This service does not provide for user authorization, so it is undesirable to use it on a corporate network. As for the home network, the lack of authorization by username becomes unacceptable here too, since IP and MAC addresses are very easy to fake. Therefore, although Windows makes it possible to organize shared access to the Internet, in practice either hardware or software from independent developers is used. One such solution is the UserGate program.

First meeting

The Usergate proxy server allows you to provide local network users with access to the Internet and define an access policy, denying access to certain resources, limiting traffic or the time users spend on the network. In addition, Usergate makes it possible to keep separate traffic records both by user and by protocol, which greatly simplifies the control of Internet connection costs. Recently, there has been a tendency among Internet providers to provide unlimited access to the Internet through their own channels. Against the backdrop of such a trend, it is the control and accounting of access that comes to the fore. To do this, the Usergate proxy server has a fairly flexible system of rules.

The Usergate proxy server with NAT (Network Address Translation) support works on Windows 2000/2003/XP operating systems with the TCP/IP protocol installed. Without support for the NAT protocol, Usergate is able to work on Windows 95/98 and Windows NT 4.0. The program itself does not require special resources to work, the main condition is the availability of sufficient disk space for cache and log files. Therefore, it is still recommended to install a proxy server on a separate machine, giving it maximum resources.

Setting

What is a proxy server for? After all, any Web browser (Netscape Navigator, Microsoft Internet Explorer, Opera) already knows how to cache documents. But remember that, firstly, we do not allocate significant amounts of disk space for these purposes. And secondly, the probability of one person visiting the same pages is much lower than when tens or hundreds of people do so (and many organizations have that many users). Therefore, creating a single cache space for the organization will reduce incoming traffic and speed up the retrieval of documents from the Internet that have already been received by any of the employees. The Usergate proxy server can be connected in a hierarchy with external proxy servers (providers), and in this case it will be possible, if not to reduce traffic, then at least to speed up the receipt of data, as well as reduce the cost (usually the cost of traffic from a provider through a proxy server is lower).

Figure 1. Cache settings

Looking ahead, I’ll say that the cache is configured in the “Services” menu section (see Figure 1). After switching the cache to the "Enabled" mode, you can configure its individual functions: caching of POST requests, dynamic objects, cookies, and content received via FTP. The size of the disk space allocated for the cache and the lifetime of a cached document are also configured here. For the cache to start working, you need to configure and enable the proxy mode. The settings determine which protocols will work through the proxy server (HTTP, FTP, SOCKS), which network interface they will listen on, and whether cascading will be performed (the data required for this is entered on a separate tab of the services settings window).

Before you start working with the program, you need to make other settings. As a rule, this is done in the following sequence:

  1. Creating user accounts in Usergate.
  2. Setting up DNS and NAT on a system with Usergate. At this stage, the configuration is mainly reduced to configuring NAT using the wizard.
  3. Setting up the network connection on client machines, where it is necessary to register the gateway and DNS in the properties of the TCP/IP network connection.
  4. Creating an Internet access policy.

For convenience, the program is divided into several modules. The server module runs on a computer connected to the Internet and performs the basic tasks. Usergate is administered using a special Usergate Administrator module, with which the entire server configuration is performed according to the necessary requirements. The client part of Usergate is implemented as the Usergate Authentication Client, which is installed on the user's computer and serves to authorize users on the Usergate server if an authorization type other than IP or IP + MAC is used.

Control

User and group management is moved to a separate section. Groups are necessary to facilitate the management of users and their general access and billing settings. You can create as many groups as you need. Typically, groups are created according to the structure of the organization. What options can be assigned to a user group? Each group has an associated rate that will account for access costs. By default, the default tariff is used. It is empty, so the connections of all users included in the group are not charged unless the rate is overridden in the user profile.

The program has a set of predefined NAT rules that cannot be changed. These are access rules for the protocols Telnet, POP3, SMTP, HTTP, ICQ, etc. When setting up a group, you can specify which of the rules will be applied to this group and the users included in it.

The auto redial mode can be used when the connection to the Internet is via a modem. When this mode is enabled, the user can initiate a connection to the Internet when there is no connection yet - at his request, the modem establishes a connection and provides access. But when connected via a leased line or ADSL, this mode is not needed.

Adding user accounts is just as easy as adding groups (see Figure 2). And if the computer with the installed Usergate proxy server is included in an Active Directory (AD) domain, user accounts can be imported from there and then divided into groups. But both when entering manually and when importing accounts from AD, you must configure user rights and access rules. These include the authorization type, tariff plan, available NAT rules (if the group rules do not fully meet the needs of a particular user).

The Usergate proxy server supports several types of authorization, including user authorization through Active Directory and the Windows Login window, which allows you to integrate Usergate into your existing network infrastructure. Usergate uses its own NAT driver that supports authorization through a special module, the client authorization module. Depending on the chosen authorization method, in the user profile settings you must specify either the user's IP address (or a range of addresses), or a name and password, or only a name. Here you can also specify the email address of the user, to which reports on their use of Internet access will be sent.

Rules

The Usergate rules system is more flexible to configure than the Remote Access Policy capabilities in RRAS. Rules can be used to block access to certain URLs, limit traffic for certain protocols, set a time limit, limit the maximum file size a user can download, and much more (see Figure 3). Standard operating system tools do not have sufficient functionality to solve these problems.

Rules are created using the wizard. They apply to the four main objects tracked by the system: connection, traffic, tariff and speed. For each of them, one action can be performed. Whether a rule is executed depends on the settings and restrictions selected for it. These include the protocols used and the times, by day of the week, when the rule is in effect. Finally, criteria are defined for the volume of traffic (incoming and outgoing), time on the network, the balance on the user's account, as well as a list of source IP addresses of the request and network addresses of the resources that are affected. Setting network addresses also allows you to define the types of files that users will not be able to download.

Many organizations do not allow instant messaging services. How to implement such a ban using Usergate? It is enough to create one rule that closes the connection when the site *login.icq.com* is requested, and apply it to all users. The application of the rules allows you to change the tariffs for access during the day or night, to regional or shared resources (if such differences are provided by the provider). For example, to switch between night and day rates, you will need to create two rules, one will switch in time from day to night rate, the second will switch back. What exactly are tariffs for? This is the basis of the built-in billing system. Currently, this system can only be used for reconciliation and trial calculation of expenses, but after the billing system is certified, system owners will have a reliable mechanism for working with their customers.

Users

Now back to the DNS and NAT settings. DNS configuration consists of specifying the addresses of the external DNS servers that the system will access. At the same time, on user computers, in the TCP/IP properties of the connection, specify the IP of the internal network interface of the computer with Usergate as the gateway and DNS. The configuration principle is slightly different when using NAT. In this case, you need to add a new rule in the system, in which you define the receiver IP (local interface) and sender IP (external interface), port 53 and the UDP protocol. This rule must be assigned to all users. And in the connection settings on their computers, you should specify the IP address of the provider's DNS server as DNS, and the IP address of the computer with Usergate as the gateway.

Mail clients can be configured both through Port mapping and through NAT. If the organization is allowed to use instant messaging services, then the connection settings for them must be changed - you must specify the use of a firewall and proxy, set the IP address of the internal network interface of the computer with Usergate and select the HTTPS or Socks protocol. But keep in mind that when working through a proxy server, work in Chat rooms and Video Chat will not be available if Yahoo Messenger is used.

Operation statistics are recorded in a log containing information about the connection parameters of all users: connection time, duration, funds spent, requested addresses, and the amount of information received and transmitted. You cannot disable the recording of information about user connections in the statistics file. To view statistics, there is a special module in the system, which can be accessed both through the administrator interface and remotely. The data can be filtered by user, protocol and time and can be saved to an external Excel file for further processing.

What's next

If the first versions of the system were intended only to implement the proxy server caching mechanism, then the latest versions have new components designed to provide information security. Today, Usergate users can use the built-in firewall and anti-virus module of Kaspersky. The firewall allows you to control, open and block certain ports, as well as publish company Web resources on the Internet. The built-in firewall processes packets that are not processed at the level of NAT rules. If the packet was handled by the NAT driver, it is no longer handled by the firewall. The port settings made for the proxy, as well as the ports specified in Port Mapping, are placed in automatically generated firewall rules (auto type). The auto rules also include TCP port 2345, which is used by the Usergate Administrator module to connect to the Usergate back end.

Speaking about the prospects for further development of the product, it is worth mentioning the creation of its own VPN server, which will make it possible to do without the operating system's VPN; the implementation of a mail server with anti-spam support; and the development of an intelligent application-level firewall.

Mikhail Abramzon - Head of the marketing group of the company "Digt".

Having connected the Internet in the office, every boss wants to know what he pays for. Especially if the tariff is not unlimited, but according to traffic. There are several ways to solve the problems of traffic control and organization of access to the Internet on an enterprise scale. I will talk about the implementation of the UserGate proxy server to get statistics and control the bandwidth of the channel using my experience as an example.

I must say right away that I used the UserGate service (version 4.2.0.3459), but the access organization methods and technologies used are also used in other proxy servers. So the steps described here are generally suitable for other software solutions (for example, Kerio Winroute Firewall, or other proxies), with slight differences in the implementation details of the configuration interface.

I will describe the task I was given: there is a network of 20 machines, and there is an ADSL modem in the same subnet (alnim 512/512 kbps). It is required to limit the maximum speed for users and keep a record of traffic. The task is slightly complicated by the fact that access to the modem settings is closed by the provider (access is possible only through the terminal, but the provider has the password). The statistics page on the provider's website is not available (don't ask why, there is only one answer: that is the relationship the company has with the provider).

We install UserGate and activate it. To organize access to the network, we will use NAT (Network Address Translation). For the technology to work, the machine where we install the UserGate server (service) needs two network cards (it may be possible to make NAT work on one network card by assigning it two IP addresses in different subnets).

So, the first stage of setup is NAT driver configuration (the driver from UserGate, installed during the main installation of the service). We need two network interfaces (read: network cards) on the server hardware (for me this was not a problem, because I deployed UserGate on a virtual machine, and there you can make "many" network cards).

Ideally, the modem itself is connected to one network card, and the entire network that will access the Internet is connected to the second. In my case, the modem and the server (physical machine) are in different rooms, and I am too lazy and have no time to move equipment (and in the near future, the organization of a server room looms). I connected both network adapters to the same network (physically), but configured them on different subnets. Since I can't change the modem settings (access is closed by the provider), I had to move all computers to a different subnet (fortunately, with DHCP this is trivial).

The network card connected to the modem (the Internet) is set up as before (according to the data from the provider):

  • Assign a static IP address (in my case it is 192.168.0.5);
  • Subnet mask 255.255.255.0 - I did not change it, but it can be configured so that there are only two devices in the subnet: the proxy server and the modem;
  • Gateway - the modem address, 192.168.0.1;
  • The ISP's DNS server addresses (primary and secondary required).

The second network card, connected to the internal network (intranet), is set up as follows:

  • A static IP address, but on a different subnet (I have 192.168.1.5);
  • Mask according to your network settings (I have 255.255.255.0);
  • Do not specify a gateway;
  • In the DNS server address field, enter the address of the company's DNS server (if there is one; if not, leave blank).

Note: you need to make sure that the use of the NAT component from UserGate is checked in the network interface settings.

After configuring the network interfaces, start the UserGate service itself (don't forget to configure it to run as a service so that it starts automatically with system rights) and go to the management console (you can do it locally or remotely). Go to "Network Rules" and choose "NAT Setup Wizard"; you will need to specify your intranet and Internet adapters. The intranet adapter is the one connected to the internal network. The wizard will configure the NAT driver.

After that, you need to understand the NAT rules, for which we go to "Network settings" - "NAT". Each rule has several fields and a status (active or inactive). The meaning of the fields is simple:

  • Name - the name of the rule; I recommend giving it something meaningful (you do not need to write addresses and ports in this field, since this information will be available in the list of rules anyway);
  • The receiver interface is your intranet interface (in my case 192.168.1.5);
  • The sender interface is your Internet interface (on the same subnet as the modem, in my case 192.168.0.5);
  • Port - specify which port this rule applies to (for example, port 80 for a browser (HTTP) and port 110 for receiving mail). You can specify a range of ports if you don't want to mess around, but it's not recommended to do it on the whole range of ports;
  • Protocol - select one of the options from the drop-down menu: TCP (usually), UDP or ICMP (for example, for the ping or tracert commands).

Initially, the list of rules already contains the most used rules necessary for the operation of mail and various kinds of programs. But I added my own rules to the standard list: for DNS queries (without using the forwarding option in UserGate), for secure SSL connections, for the torrent client, for the Radmin program, and so on. Here are screenshots of my list of rules. The list is still small - but it expands over time (with the need to work on a new port).

The next step is to set up users. In my case, I chose authorization by IP address and MAC address. There are also options for authorization only by IP address and by Active Directory credentials. You can also use HTTP authorization (users first enter a password through the browser each time). Create users and user groups and assign them the NAT rules to use (if we need to give the user an Internet connection for the browser, we enable the HTTP rule with port 80 for them; if we need to give ICQ, the ICQ rule with port 5190).

Lastly, at the implementation stage, I configured the users to work through the proxy. For this I used the DHCP service. The following settings are sent to client machines:

  • IP address - dynamic from DHCP in the range of the intranet subnet (in my case, the range is 192.168.1.30 - 192.168.1.200; I set up IP address reservations for the machines that need them);
  • Subnet mask (255.255.255.0);
  • Gateway - the address of the machine with UserGate in the local network (intranet address 192.168.1.5);
  • DNS servers - I hand out 3 addresses. The first is the address of the enterprise's DNS server, the second and third are the provider's DNS addresses. (Forwarding to the provider's DNS is configured on the enterprise DNS, so if the local DNS "falls", Internet names will be resolved by the provider's DNS.)

This completes the basic setup. What remains is to check that it works: on the client machine (which gets its settings from DHCP or has them added manually, in accordance with the recommendations above), launch a browser and open any page on the web. If something does not work, check the situation again:

  • Are the client's network adapter settings correct? (Does the machine with the proxy server respond to ping?)
  • Is the user/computer authorized on the proxy server? (See the UserGate authorization methods.)
  • Does the user/group have the NAT rules it needs enabled? (For the browser to work, you need at least the HTTP rule for the TCP protocol on port 80.)
  • Have the traffic limits for the user or group been used up? (I did not set any.)
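
The checks above (apart from the ping test) modelled as a short decision function, to show the order in which a request can be refused. This is an added example, not UserGate code; the user names, MAC addresses and quota figures are constructed sample data.

```python
from dataclasses import dataclass, field
from typing import Optional

@dataclass
class User:
    name: str
    ip: str
    mac: str
    rules: set = field(default_factory=set)   # allowed (protocol, port) pairs
    quota_mb: Optional[float] = None          # None = no traffic limit set
    used_mb: float = 0.0

# Rule names follow the article: HTTP on TCP 80, ICQ on TCP 5190, plus DNS.
HTTP, DNS, ICQ = ("TCP", 80), ("UDP", 53), ("TCP", 5190)

# Constructed sample users inside the article's 192.168.1.0/24 intranet.
USERS = [
    User("accounting-pc", "192.168.1.31", "00:11:22:33:44:55", {HTTP, DNS}),
    User("manager-pc", "192.168.1.32", "00:11:22:33:44:66", {HTTP, DNS, ICQ},
         quota_mb=500, used_mb=500),
]

def diagnose(users, src_ip, src_mac, proto, port):
    """Return the first failing check for a connection, or 'allowed'."""
    user = next((u for u in users if u.ip == src_ip), None)
    if user is None:
        return "not authorized: unknown IP"
    # IP + MAC authorization: both halves of the binding must match.
    if user.mac.lower() != src_mac.lower():
        return "not authorized: MAC does not match the IP binding"
    if (proto.upper(), port) not in user.rules:
        return f"no NAT rule for {proto.upper()}/{port}"
    if user.quota_mb is not None and user.used_mb >= user.quota_mb:
        return "traffic limit exhausted"
    return "allowed"

if __name__ == "__main__":
    print(diagnose(USERS, "192.168.1.31", "00:11:22:33:44:55", "tcp", 80))
    print(diagnose(USERS, "192.168.1.31", "00:11:22:33:44:55", "tcp", 5190))
    print(diagnose(USERS, "192.168.1.32", "00:11:22:33:44:66", "tcp", 80))
```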

Now you can observe the connected users and the NAT rules they use in the "Monitoring" item of the proxy server management console.

Any further proxy configuration is tuning for specific requirements. The first thing I did was enable the bandwidth limit in the user properties (later you can implement a system of rules to limit the speed) and enable additional UserGate services: a proxy server (HTTP on port 8080, SOCKS5 on port 1080). Enabling the proxy services allows you to use query caching. But the clients then need additional configuration to work with the proxy server.

Any questions left? I suggest asking them right here.

________________________________________

After connecting the local network to the Internet, it makes sense to set up a traffic accounting system, and the Usergate program will help us with this. Usergate is a proxy server and allows you to control the access of computers from the local network to the Internet.

But first, let's recall how we previously set up the network in the video course "Creating and configuring a local network between Windows 7 and WindowsXP", and how we gave all computers access to the Internet through one communication channel. Schematically, it looks like this: there are four computers combined into a peer-to-peer network. We chose the workstation work-station-4-7, running Windows 7, as the gateway, i.e. we connected an additional network card with Internet access to it and allowed the other computers on the network to access the Internet through this network connection. The remaining three machines are Internet clients, and they use the IP address of the computer distributing the Internet as both gateway and DNS. Now let's deal with controlling access to the Internet.

Installing UserGate is no different from installing a regular program. After installation the system asks for a reboot, so reboot. After the reboot, first try to access the Internet from the computer on which UserGate is installed: it works, but from the other computers it does not. So the proxy server has started working and by default denies everyone access to the Internet, which means you need to configure it.

Launch the admin console (Start \ Programs \ UserGate \ Admin Console). The console opens on the Connections tab. If we try to open any of the tabs on the left, a message is displayed (UserGate Admin Console is not connected to the UserGate Server), which is why the Connections tab opens at startup: we first have to connect to the UserGate server.

So, the defaults are: Server Name - local; User - Administrator; Server - localhost, i.e. the server part is located on this computer; Port - 2345.

Double-click this entry to connect to the UserGate service. If the connection fails, check whether the service is running (Ctrl+Alt+Esc \ Services \ UserGate).

On the first connection the UserGate Setup Wizard launches. Press No, as we will configure everything manually so that it is clearer what to look for and where. First of all, go to the UserGate Server \ Interfaces tab; here we indicate which network card faces the Internet (192.168.137.2 - WAN) and which faces the local network (192.168.0.4 - LAN).

Next, go to Users and Groups \ Users. There is only one user here: the machine on which the UserGate server is running, named Default. Let's add all the users who will access the Internet. I have three of them:

Workstation-1-xp - 192.168.0.1

Workstation-2-xp - 192.168.0.2

Work-station-3-7 - 192.168.0.3

We leave the group and the tariff plan at their defaults. For the authorization type I will use the IP address, since my addresses are assigned manually and remain unchanged.

Now let's configure the proxy itself. Go to Services \ Proxy settings \ HTTP. Here we select the IP address that we specified as the gateway on the client machines (192.168.0.4 in my case) and also check the transparent mode box, so that the proxy server address does not have to be entered manually in browsers. In this case the browser will look at which gateway is specified in the network connection settings and will send its requests to it.


Today the management of probably every company has already appreciated the opportunities that the Internet provides for doing business. This, of course, is not about online stores and e-commerce, which, whatever one may say, are today more marketing tools than a real way to increase the turnover of goods or services. The global network is an excellent information environment, an almost inexhaustible source of a wide variety of data. In addition, it provides fast and cheap communication with both clients and partners of the firm. Nor can the possibilities of the Internet for marketing be discounted. Thus, the global network can, in general, be considered a multifunctional business tool that can increase the efficiency of the company's employees in fulfilling their duties.

However, first you need to provide these employees with access to the Internet. Simply connecting one computer to the global network is not a problem today. There are many ways to do this, and many companies offer a practical solution to this task. But the Internet on one computer is unlikely to bring significant benefits to the company. Access to the network should be available to each employee from his workplace. And here we cannot do without special software, the so-called proxy server. In principle, the operating systems of the Windows family make it possible to share any Internet connection, in which case other computers on the local network get access to it. However, this option is hardly worth considering seriously. The fact is that by choosing it, you will have to forget about control over the use of the global network by company employees. That is, any person on any corporate computer can access the Internet and do whatever they want there. And what that threatens probably needs no explanation.

Thus, the only acceptable way for the company to organize the connection of all computers included in the corporate local network is a proxy server. Today there are many programs of this class on the market. But we will only talk about one development. It is called UserGate, and it was created by eSafeLine specialists. The main features of this program are wide functionality and a very convenient Russian-language interface. In addition, it is worth noting that it is constantly evolving. Recently, a new, fourth version of this product was presented to the public.

So, UserGate. This software consists of several separate modules. The first one is the server itself. It must be installed on a computer directly connected to the Internet (the Internet gateway). It is the server that implements user access to the global network, counts the traffic used, keeps statistics, etc. The second module is designed to administer the system. With its help, the responsible employee performs all the proxy server settings. The main feature of UserGate in this regard is that the administration module does not have to be placed on the Internet gateway. Thus, we are talking about remote control of a proxy server. This is very good, since the system administrator gets the opportunity to manage Internet access directly from his workplace.

In addition, UserGate includes two more separate software modules. The first of them is needed for convenient viewing of Internet usage statistics and generating reports based on it, and the second is for user authorization in some cases. This approach is perfectly combined with the Russian-language and intuitive interface of all modules. Together, this allows you to set up shared access to the global network in any office quickly and without any problems.

But let's move on to the analysis of the functionality of the UserGate proxy server. We should start with the fact that this program implements two different ways to configure DNS (perhaps the most important task when implementing shared access). The first one is NAT (Network Address Translation). It provides very accurate accounting of consumed traffic and allows users to use any protocols allowed by the administrator. True, it is worth noting that some network applications will not work correctly in this case. The second option is DNS forwarding. It has more limitations than NAT, but it can be used on computers with outdated operating systems (Windows 95, 98 and NT).

Permissions to work on the Internet are configured using the concepts of "user" and "user group". Interestingly, in the UserGate proxy server the user is not necessarily a person. A computer can also play this role. That is, in the first case access to the Internet is allowed to certain employees, and in the second to everyone who sits down at a particular PC. Naturally, different methods of user authorization are used in each case. Computers can be identified by IP address, by a combination of IP and MAC address, or by a range of IP addresses. For authorization of employees, special login/password pairs, data from Active Directory, a name and password that match the Windows authorization information, etc. can be used. Users can be combined into groups for ease of configuration. This approach allows you to manage access for all employees with the same rights (holding the same positions) at once, rather than configuring each account separately.

The UserGate proxy server also has its own billing system. The administrator can set any number of tariffs that describe how much one unit of incoming or outgoing traffic or connection time costs. This allows you to keep an accurate record of all Internet expenses with reference to users. That is, the company's management will always know who spent how much. By the way, tariffs can be made dependent on the current time, which allows you to accurately reproduce the pricing policy of the provider.

The UserGate proxy server allows you to implement any, no matter how complex, corporate Internet access policy. For this, so-called rules are used. With their help, the administrator can set limits for users by working time, by the amount of traffic sent or received per day or month, by the amount of time used per day or month, etc. If these limits are exceeded, access to the Global Network will be automatically blocked. In addition, using rules, you can impose restrictions on the access speed of individual users or their entire groups.

Another example of the use of rules is restricting access to certain IP addresses or their ranges, to entire domain names or to addresses containing certain strings, etc. That is, in fact, we are talking about site filtering, which can be used to keep employees from visiting unwanted web projects. But, of course, these are far from all the examples of how rules can be applied. With their help you can, for example, implement tariff switching depending on the site currently being loaded (needed to account for the preferential traffic that exists with some providers), set up the cutting of advertising banners, etc.
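
The three kinds of filtering rule just described (IP ranges, whole domains, strings in the address), as an added sketch that is not UserGate's own code or rule syntax. The rule values are constructed from documentation-reserved addresses and names; note that the domain match is done on label boundaries, so a rule for one domain does not catch a look-alike name.

```python
import ipaddress
from urllib.parse import urlsplit

# Constructed rule set (reserved test range and .example names only).
BLOCKED_NETS = [ipaddress.ip_network("203.0.113.0/24")]
BLOCKED_DOMAINS = ["games.example"]
BLOCKED_SUBSTRINGS = ["/banners/"]

def domain_matches(host, rule):
    """True for the domain itself and its subdomains, not for look-alikes."""
    host, rule = host.lower().rstrip("."), rule.lower().rstrip(".")
    return host == rule or host.endswith("." + rule)

def check_url(url):
    """Return the reason a request is blocked, or None if it passes."""
    host = urlsplit(url).hostname or ""
    try:
        addr = ipaddress.ip_address(host)   # host given as an IP literal
    except ValueError:
        addr = None                          # host is a name
    if addr is not None:
        for net in BLOCKED_NETS:
            if addr.version == net.version and addr in net:
                return f"address in blocked range {net}"
    else:
        for rule in BLOCKED_DOMAINS:
            if domain_matches(host, rule):
                return f"domain rule {rule}"
    for text in BLOCKED_SUBSTRINGS:
        if text in url.lower():
            return f"URL contains {text!r}"
    return None

if __name__ == "__main__":
    for u in ("http://play.games.example/tanks",
              "http://notgames.example/",
              "http://203.0.113.7/index.html",
              "http://news.example/banners/top.gif"):
        print(u, "->", check_url(u))
```

Substring rules only see the full address for plain HTTP; for HTTPS a proxy that does not decrypt traffic sees just the host name.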

By the way, we have already said that the UserGate proxy server has a separate module for working with statistics. With its help, the administrator can view the consumed traffic at any time (total, for each user, for user groups, for sites, for server IP addresses, etc.). And all this is done very quickly with the help of a convenient filter system. In addition, this module implements a report generator, with which the administrator can create any report and export it to MS Excel.

A very interesting decision by the developers was to embed an anti-virus module in the firewall, which controls all incoming and outgoing traffic. Moreover, they did not reinvent the wheel, but integrated the development of Kaspersky Lab. This solution guarantees, firstly, really reliable protection against all malicious programs, and secondly, regular updating of signature databases. Another important feature in terms of information security is the built-in firewall. This one was created by the UserGate developers on their own. Unfortunately, it is worth noting that the firewall integrated into the proxy server differs considerably in its capabilities from the leading products in this area. Strictly speaking, we are talking about a module that simply blocks traffic going through the ports and protocols specified by the administrator to and from computers with specified IP addresses. It does not have a stealth mode or some of the other functions that are generally mandatory for firewalls.

Unfortunately, one article cannot include a detailed breakdown of all the features of the UserGate proxy server. Therefore, let's at least list the most interesting of those that were not included in our review. Firstly, there is caching of files downloaded from the Internet, which allows you to really save money on provider services. Secondly, it is worth noting the port mapping function, which allows you to bind any selected port of one of the local Ethernet interfaces to the desired port of a remote host (this function is necessary for the operation of network applications: bank-client systems, various games, etc.). In addition, the UserGate proxy server implements such features as access to internal corporate resources, a task scheduler, connection to a proxy cascade, real-time monitoring of traffic, of the IP addresses of active users, their logins and visited URLs, and much, much more.

Well, now it's time to take stock. We, dear readers, have analyzed in some detail the UserGate proxy server, with which you can organize general access to the Internet in any office. And we were convinced that this development combines simplicity and ease of setup and use with a very extensive set of functionality. All this makes the latest version of UserGate a very attractive product.



