This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Non FQDN in Web Proxy block page?

MW over 9 years ago

UTM running 9.315-2.

Block page redirection is using the shortname when our web proxy is set to Transparent mode with AD SSO.

For example, a user tries and hit a "bad" page they are sent to a link like this: http://hostname/auth?u=aHR0cDovL3d3dy5wb3JuLmNvbS8=

This fails because its not a FQDN which the local pc wont resolve. I've checked all the normal places for this short hostname. How do I change it to the FQDN?

1. Hostname under system management is set to the FQDN.

2. User portal url is set to the FQDN

3. Certificate for End-User Pages under Web Proxy...tried to change this to the FQDN

None of this works. Here is the weird thing. If i use transparent proxy with no authentication, then block pages are successfully redirected to a page where the user can select "unblock" and then authenticate and continue.

This thread was automatically locked due to age.

Parents

Scott_Klassen over 9 years ago

This is the default behavior. Is the UTM FQDN added to the Intranet Zone in IE? See www.astaro.org/.../55988-problem-ad-sso-transparent-proxy.html for more information on this behavior and in post 2 is information on how to check for and change this setting if needed.

Be aware that making changes from the backend without the express permission of Support will void your support contract for people with a paid license. If this applies to you, open up a case with support instead of doing it yourself.

__________________
ACE v8/SCA v9.3

...still have a v5 install disk in a box somewhere.

http://xkcd.com
http://www.tedgoff.com/mb
http://www.projectcartoon.com/cartoon/1
Cancel
Vote Up 0 Vote Down

Cancel

Reply

Scott_Klassen over 9 years ago

This is the default behavior. Is the UTM FQDN added to the Intranet Zone in IE? See www.astaro.org/.../55988-problem-ad-sso-transparent-proxy.html for more information on this behavior and in post 2 is information on how to check for and change this setting if needed.

Be aware that making changes from the backend without the express permission of Support will void your support contract for people with a paid license. If this applies to you, open up a case with support instead of doing it yourself.

__________________
ACE v8/SCA v9.3

...still have a v5 install disk in a box somewhere.

http://xkcd.com
http://www.tedgoff.com/mb
http://www.projectcartoon.com/cartoon/1
Cancel
Vote Up 0 Vote Down

Cancel

Children

MW over 9 years ago in reply to Scott_Klassen

The link you provide does not display any replies. So I'm not able to see the changes from post 2?

I did do some extra testing at other client sites, and the redirected pages at other clients do use the FQDN. So I'm not sure why this UTM only uses the shortname.
Cancel
Vote Up 0 Vote Down

Cancel