How does WebMarshal control web access using the machine name instead of IP address?


This article applies to:

  • WebMarshal

Question:

How does WebMarshal control web access using the machine name instead of IP address?

Information:

It is not possible to control web access directly using machine names in WebMarshal.

When computers are authenticated by IP address, WebMarshal attempts to discover the associated computer names. The names are used in the group display and reports. However, access control is by IP address and not by computer name.

To apply rules to certain machines, use an IP address group.

  1. Open the WebMarshal Console.
  2. Select Tools | Proxy Server Properties or Tools | Global Settings from the menu bar.
  3. Under the Proxy Settings tab or item, select Ports and Authentication
    • In earlier versions, click Modify Proxy Server Settings or select Tools | Proxy Server Wizard from the menu bar, to open the Proxy Server Wizard. Click Next until the Authentication Options (Proxy Ports and Authentication) section displays.
  4. Enable IP address authentication. For detailed steps, see Help.
  5. Click OK, or click Next until the wizard is finished.
  6. Create an IP Address Group under the Policy Elements | User Group node.
    • In earlier versions, in the New User Group Wizard, select the Create an IP address range group option and then click Next.
  7. In the Create IP Address Range Group section, enter a name for the group and a description.
  8. Enter an IP Address range to be included with this group.  Address entry varies by version. For details, see Help.
  9. Click OK, or Next and then Finish.

Next, apply rules to the group you created. For example, a rule (similar to the one below) could be created to block the IP address list in the IP Address Range group from attempting to access a website:

When a web request is received
Where the User us a member of 'the IP Address Group created'
And where addressed to any URL

Block Access to this site and display 'Blocked' page
And do not process any further rules

Notes:

  • A newly created IP address group will initially be empty. The group will be populated with addresses or computer names that have actually connected through WebMarshal.
  • By default a computer remains in the same IP address group even if its IP address changes. In WebMarshal 7.5 and above, you can choose to update IP group membership dynamically. See the related article below.

This article was previously published as:
NETIQKB36079

Last Modified 9/28/2022.
https://support.trustwave.com/kb/KnowledgebaseArticle10559.aspx