Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 9 replies
  • Subscribers 4 subscribers
  • Views 2218 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Parent proxy not always used (and no user handed)

CBochynek

Hi,

we're using parent proxy for specific Domains. E.g. *.xyz and *.xyz.de

For some websites parent proxy is used, the destination IP in WebLog ist parent proxy, the user and group is also in log.

Other websites do not use parent proxy even if they should. destination IP in log is the real IP of the websever in the internet, user and group are empty.

We're using AD-Auth for proxy. So the websites which are not correctly classified for parent proxy are always blocked because of "407 - proxy auth required".

Workaround: Exeption, Skip Auth - but that's not what we want !

I already changed the order of parent proxies in Filter Action, tried to use full URL or IP - no effects.


Anyone with similar problems? solutions?

Greetings



This thread was automatically locked due to age.
Parents
  • 0

    Seems to get a little bit more complicated...

    If the URL *.xyz oder *.xyz.de is in exeptions and "Authentification" ist skipped, the parent proxy ist not used.
    No problem - our users all should be  authenticated. if I disable the exeption, parent proxy is shown correctly in logs (with user, domain and group) BUT my parent proxy didn't want me (403).

    This parent proxy is attached to an interface at our UTM, traffic to this interface (and also explicitly to the parent proxy) is SNAT and routed.
    If I call the proxy as using it in my browser it's working.
    So I suppose that proxy is not using my SNATrules while sending traffic to this interface.
    I read your rulz, BAlfons, but I'm not sure if #2 explains my problem. Also I don't have an solution.
    I'm also going to contact the "provider" to ask if they maybe just do not accept proxied traffic recently.

Reply
  • 0

    Seems to get a little bit more complicated...

    If the URL *.xyz oder *.xyz.de is in exeptions and "Authentification" ist skipped, the parent proxy ist not used.
    No problem - our users all should be  authenticated. if I disable the exeption, parent proxy is shown correctly in logs (with user, domain and group) BUT my parent proxy didn't want me (403).

    This parent proxy is attached to an interface at our UTM, traffic to this interface (and also explicitly to the parent proxy) is SNAT and routed.
    If I call the proxy as using it in my browser it's working.
    So I suppose that proxy is not using my SNATrules while sending traffic to this interface.
    I read your rulz, BAlfons, but I'm not sure if #2 explains my problem. Also I don't have an solution.
    I'm also going to contact the "provider" to ask if they maybe just do not accept proxied traffic recently.

Children
No Data
Unfiltered HTML