Dear all,
in XG v18 I published a server using WAF with the following rule:
Accessing the server from WAN works fine. Accessing the server from LAN works well too if not using the webproxy. However, if I configure the webproxy on a LAN client, I cannot access the published server and get the following error:
Within the WAF log I see attempts to access the server but from the APIPA address 169.254.234.5 which I don't use:
Any ideas what might be the issue here and what I have to do in order to allow access to WAF published servers through the webproxy?
Thanks
Michael
Hi layer9
Is there a specific reason for sending traffic through the web proxy (forward proxy) to WAF (reverse proxy)?
I would advise you to create a web exception for your server to bypass web proxy; please follow this KB Article: Create a web exception for a website.
Thanks,
Hi Patel,
thanks for your reply. We have configured all clients with explicit proxy in the Operating System. If the clients access internal systems web servers using their public names they are sending their traffic to the webproxy as well (unless we exclude those domains on the clients directly).
The firewall rule on the XG that allows webproxy usage doesn't have any filtering options enabled:
Since the web proxy is explicitly configured on the clients, traffic will flow through it however. Creating a web exception didn't help but I think this is logical since with the web exceptions we only can exclude traffic from several scanning actions but not from flowing through the proxy directly (if it is explicitly configured it must flow through the proxy from my point of view).
BTW: If I set the User portal HTTPS port to 443 then this will be shown if I enter a URL that is published via WAF. So somehow the traffic entering the webproxy does not correctly reach the reverse proxy.
Best Regards
Michael
Hi layer9,
Will you please try the steps below and confirm the status?
Add a DNS host entry on the XG that will resolve to the internal IP of the server.
Regards,
Vishal Ranpariya
Technical Account Manager | Sophos Technical Support