=======================
Web Proxy
=======================

------------------------------------------
Service Requirements and Dependencies
------------------------------------------

Text

------------------------
Service Overview
------------------------

.. image:: images/web_proxy/anms_webproxy.png

---------------------------------------
Kerberos Realm Trust - ANMS.LOCAL
---------------------------------------

Open **Server Manager** and select **Tools --> Active Directory Domains and Trusts**. Once there, select the **Trusts** tab and **New Trust** to launch the wizard:

.. image:: images/web_proxy/realm_trust_1.png

Type the target domain for this trust, **anms.local**:

.. image:: images/web_proxy/realm_trust_2.png

Select **Realm Trust**:

.. image:: images/web_proxy/realm_trust_3.png

This trust will be **Nontransitive**:

.. image:: images/web_proxy/realm_trust_4.png

Select **One-way: Incoming** for the direction of this trust:

.. image:: images/web_proxy/realm_trust_5.png

All trusts need to be confirmed by a **Trust Password**. This password will be communicated by ANMS:

.. image:: images/web_proxy/realm_trust_6.png

Verify the trust configuration:

.. image:: images/web_proxy/realm_trust_7.png

Confirm the realm trust and complete the configuration:

.. image:: images/web_proxy/realm_trust_8.png

Once the realm trust has been configured, open its properties and enable **"AES Encryption"**:

.. image:: images/web_proxy/realm_trust_9.png

---------------------------------------
Kerberos Realm Trust - Group Policy
---------------------------------------

Open **Server Manager** and select **Tools --> Group Policy Management**. Edit the desired domain policy:

.. image:: images/web_proxy/domain_gpo_1.png

Text

.. image:: images/web_proxy/domain_gpo_2.png

Text

.. image:: images/web_proxy/domain_gpo_3.png

Text

.. image:: images/web_proxy/domain_gpo_4.png

Text

.. image:: images/web_proxy/domain_gpo_5.png

Text

.. image:: images/web_proxy/domain_gpo_6.png

Text

.. image:: images/web_proxy/domain_gpo_7.png

---------------------------------------
Proxy PAC File
---------------------------------------

Text

::

    function FindProxyForURL(url, host)
    {
        var proxy = "PROXY webproxy.mycompany.anms.local:8080; DIRECT";
        var direct = "DIRECT";

        // No proxy for private IP Addresses:
        if (isInNet(host, "10.0.0.0", "255.0.0.0") ||
            isInNet(host, "172.16.0.0", "255.240.0.0") ||
            isInNet(host, "192.168.0.0", "255.255.0.0"))
        {
            return direct;
        }
        // No proxy for non-routable addresses (RFC 3330):
        else if (isInNet(host, "0.0.0.0", "255.0.0.0") ||
                 isInNet(host, "127.0.0.0", "255.0.0.0") ||
                 isInNet(host, "169.254.0.0", "255.255.0.0") ||
                 isInNet(host, "192.0.2.0", "255.255.255.0") ||
                 isInNet(host, "192.88.99.0", "255.255.255.0") ||
                 isInNet(host, "198.18.0.0", "255.254.0.0") ||
                 isInNet(host, "224.0.0.0", "240.0.0.0") ||
                 isInNet(host, "240.0.0.0", "240.0.0.0"))
        {
            return direct;
        }
        // Proxy HTTP, HTTPS only:
        else if (url.substring(0, 5) == "http:")
        {
            return proxy;
        }
        else if (url.substring(0, 6) == "https:")
        {
            return proxy;
        }
        else
        {
            return direct;
        }
    }

------------------------------------------
Firewall Rules
------------------------------------------

=================== ===================== ============ ============ ============
Source              Destination           Protocol     Port         Direction
=================== ===================== ============ ============ ============
All Proxy Clients   ANMS Proxy Pac Server TCP (HTTP)   80           Outbound
All Proxy Clients   ANMS Web Proxy Server TCP          8080         Outbound
All Proxy Clients   ANMS Kerberos KDC     TCP and UDP  88           Outbound
ANMS Kerberos KDC   Your Windows DC       TCP and UDP  389          Inbound
ANMS Kerberos KDC   Your Windows DC       TCP          445          Inbound
=================== ===================== ============ ============ ============

---------------------------------------
Centralised Log Management
---------------------------------------

.. image:: images/web_proxy/webproxy_syslog_view.png

.. image:: images/web_proxy/webproxy_syslog_stream.png

---------------------------------------
Customer Portal
---------------------------------------

.. image:: images/web_proxy/webproxy_summary.png

.. image:: images/web_proxy/webproxy_summary2.png

.. image:: images/web_proxy/webproxy_access_logs.png
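

An added example, not part of the original page or ANMS's own tooling: a Node.js harness that evaluates the ``FindProxyForURL`` logic from the Proxy PAC File section offline, showing which requests bypass the proxy and that the ``; DIRECT`` suffix lets proxied requests fall back to a direct connection when the proxy is unreachable. The ``DNS`` table, the sample URLs and the helpers ``route``, ``bypassesProxy`` and ``failsOpen`` are assumptions made for the example, and ``isInNet`` here is a stand-in for the browser's built-in function.

```javascript
// Added example. DNS is a constructed table standing in for the client's resolver.
const DNS = { "intranet.mycompany.example": "10.20.30.40", "www.example.com": "93.184.216.34" };
const toInt = (ip) => ip.split(".").reduce((n, o) => ((n << 8) | Number(o)) >>> 0, 0);

// Stand-in for the browser's isInNet(): resolve the host, compare under the mask.
function isInNet(host, pattern, mask) {
  const ip = /^\d+(\.\d+){3}$/.test(host) ? host : DNS[host];
  if (!ip) return false; // unresolvable names match no network
  return ((toInt(ip) & toInt(mask)) >>> 0) === ((toInt(pattern) & toInt(mask)) >>> 0);
}

// PAC logic copied from this page (comments dropped).
function FindProxyForURL(url, host) {
  var proxy = "PROXY webproxy.mycompany.anms.local:8080; DIRECT";
  var direct = "DIRECT";
  if (isInNet(host, "10.0.0.0", "255.0.0.0") ||
      isInNet(host, "172.16.0.0", "255.240.0.0") ||
      isInNet(host, "192.168.0.0", "255.255.0.0")) {
    return direct;
  } else if (isInNet(host, "0.0.0.0", "255.0.0.0") ||
      isInNet(host, "127.0.0.0", "255.0.0.0") ||
      isInNet(host, "169.254.0.0", "255.255.0.0") ||
      isInNet(host, "192.0.2.0", "255.255.255.0") ||
      isInNet(host, "192.88.99.0", "255.255.255.0") ||
      isInNet(host, "198.18.0.0", "255.254.0.0") ||
      isInNet(host, "224.0.0.0", "240.0.0.0") ||
      isInNet(host, "240.0.0.0", "240.0.0.0")) {
    return direct;
  } else if (url.substring(0, 5) == "http:") {
    return proxy;
  } else if (url.substring(0, 6) == "https:") {
    return proxy;
  } else {
    return direct;
  }
}

// Ask the PAC about one URL the way a client would.
function route(url) {
  return FindProxyForURL(url, new URL(url).hostname);
}
// True when the request goes around the proxy entirely.
const bypassesProxy = (url) => !route(url).includes("PROXY");
// True when a proxied request may still go direct if the proxy is unreachable.
const failsOpen = (url) => /PROXY[^;]*;\s*DIRECT/.test(route(url));
for (const u of ["https://www.example.com/", "ftp://files.example.com/pub", "http://172.32.0.1/"]) {
  console.log(u, "->", route(u), bypassesProxy(u) ? "(bypasses proxy)" : "");
}
```

Requests that bypass the proxy never appear in the proxy access logs, so the same test cases are a useful checklist when reviewing what the centralised logging can and cannot see.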