
New Virtual Web Appliance Transparent setup not handling traffic properly?

Hi All,

I recently set up a Virtual Web Appliance in Transparent mode on our network. I believe that the firewall (Dell SonicWall) is configured correctly - all packets on ports 80 and 443 are being passed to the IP of the Virtual Web Appliance, and all packets on ports 80 and 443 coming from the Virtual Web Appliance are being passed through the firewall out to the Internet. The Network Connectivity test in the Virtual Web Appliance succeeds without error. However, I cannot access any website from any computer on our network. It doesn't even error out... The web browser just says "Connecting..." without proceeding any further and eventually times out. However, if I manually enter the IP address for Amazon.com, I can get through, even though Amazon.com is blocked when I do a "policy test" in the VWA's web UI. Any advice as to why the Virtual Web Appliance isn't processing the traffic properly?

Thanks,

Jarrod

  • The easy way to test is ...  

    In the proxy configuration section of IE/system preferences...

    configure the browser with the appliance's IP on port 8080 and check off "bypass local traffic".

    If you are able to get out and get blocked, then your issue is infrastructure.

    If you are not able to get out or are being blocked for authentication, see this KB. Note the requirements and browser configuration sections.

    https://community.sophos.com/kb/en-us/126599


    For other deployment information you may find this article useful as well

    https://community.sophos.com/kb/en-us/126692


    As for entering IPS manually..

    under configuration / global configuration / general

    make sure allow public ip access ins NOT checked.. however applications that update via direct ip address may fail. 

    if that is checked off  when you were testing, than the traffic is not been directed to the appliance.

     

    In regard to the appliance.. It has no ability to do any routing. It is a complete slave to directed traffic. 

  • Thanks for your reply.

    "Allow Public IP Access" was checked so that negates my previous question about manually entered IPs.


    I tried the proxy configuration and I was able to get out and I was blocked when trying to access websites that are supposed to be blocked.

    So that means it's an infrastructure issue?

    What is port 8080? Do I need to redirect 80 and 443 directly to 8080 or just to the IP of the appliance? Maybe this is where my problem is?

  • Hi Jarrod,

    If adding the proxy information works then yes the issue is between the SWA and the Workstation.. So chances are there is something with routing.   (by setting a proxy address the workstation is ignoring all of your infrastructure and sending the request directly) 

    port 8080 is the standard proxy port, you should not transparently redirect traffic to that port.. just 80 and 443.. If you wish to deploy in explicit proxy mode, then you would use port 8080 in the browser. 

    Chances are the results you were experiencing are because the traffic is going out the gateway or some other avenue and not being directed to the appliance.

  • Hi Jarrod,

    What you describe (no content displayed in browser, no response to the connection) suggests that maybe the way you're forwarding packets is preventing the responses from the SWA being routed properly. On some Firewall systems it can be necessary to set up the forwarding as a DNAT rule, where traffic destined for ports 80 or 443 on the Internet are redirected to the SWA, rather than as a standard routing rule.

    Regards

    Rich
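To make the DNAT-versus-routing point concrete, here is an added example (not from this thread or from Sophos) written for a Linux/iptables gateway standing in for the SonicWall. It assumes placeholder values for the LAN interface and the appliance IP, and shows the two rules a transparent redirect needs: an exclusion so the appliance's own outbound 80/443 traffic is never sent back to itself, followed by the DNAT rule; the optional fixup covers the case where the appliance sits on the same subnet as the workstations, in which case its replies bypass the gateway and the browser hangs at "Connecting..." as described above.

```shell
#!/bin/sh
# Hypothetical iptables equivalent of the firewall forwarding discussed in the thread.
# Placeholder values (TEST-NET address); replace with your own before use.
LAN_IF="${LAN_IF:-eth1}"                 # interface facing the workstations
APPLIANCE_IP="${APPLIANCE_IP:-192.0.2.10}"   # the Virtual Web Appliance

# Emit the nat-table rules in the order they must be applied.
transparent_proxy_rules() {
    for port in 80 443; do
        # 1. Exclude the appliance's own outbound web traffic first; without this
        #    its upstream fetches are redirected back to itself and loop.
        echo "iptables -t nat -A PREROUTING -i $LAN_IF -s $APPLIANCE_IP -p tcp --dport $port -j RETURN"
        # 2. DNAT, not a plain routing rule: conntrack then rewrites the appliance's
        #    replies back to the original destination address the client expects.
        echo "iptables -t nat -A PREROUTING -i $LAN_IF -p tcp --dport $port -j DNAT --to-destination $APPLIANCE_IP:$port"
    done
}

# Only needed when the appliance is on the same subnet as the clients: masquerade
# the redirected flows so the appliance answers via the gateway, where the DNAT is
# undone, instead of replying straight to the client from its own address.
same_subnet_fixup_rules() {
    echo "iptables -t nat -A POSTROUTING -o $LAN_IF -d $APPLIANCE_IP -p tcp -m multiport --dports 80,443 -j MASQUERADE"
}

# Print the rules by default; apply them (as root) only when asked explicitly.
case "${1:-}" in
    --apply) { transparent_proxy_rules; same_subnet_fixup_rules; } | sh -e ;;
    --print) transparent_proxy_rules; same_subnet_fixup_rules ;;
esac
```

Run with `--print` to review the generated rules before applying them.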
