This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Behavior Chrome vs IE with Web Appliance

Good morning
I'm having a pretty weird situation. I'm using Sophos web appliance in Explicit mode with the use of the .dat file. In the .dat file all internal networks have been excluded but when I point to an internal IP address with Internet Explorer it cannot display it correctly, while with Chrome the display is correct. By removing the proxy the site is correctly displayed. I tried to see all the security settings of IE I checked the configuration of the .dat file, the link to the internal site is direct. I don't understand how proxy configuration can affect an internal site and above all because it works with Chrome. What are the differences?
Thanks for any help
Best regards
Franco



This thread was automatically locked due to age.
Parents
  • Hi Franco,

    As a general rule .pac and .dat files are pretty much the same.. except in the way that you host them and the dns requirements.

    Generally I would recommend hosting a .pac file and going with that. If your bent on the wpad.dat file the big gotcha is to ensure dns works both forward and backwards.

    It sounds like perhaps there may also be an error in the file its self.. in most cases if a non ie browser fails to enact the proxy it may default to just sending the traffic out the gateway.. or visa versa..  if this happens traffic for an internal site may end up on the rong side of the firewall.

    Some easy things to check

    Ensure the appliance and .dat host are resolvable both forwards and back long and short name.

    Configure the browser to only use the ip and ensure ‘do not proxy local traffic’ is checked off.. then use the dat file

    Ensure you do all testing with private browser tabs to make sure the pages are not cached

    Under the options menu ensure caching is disabled, if its enabled clear it and disable it

    A trace-route may show different paths to the same site.. if your into wire-shark compare pcaps

    Also export the sophos log to a syslog server.. you should not see your ip in the logs if the request is going direct

    Here is a sample to some other goodies regarding .pac files

Reply
  • Hi Franco,

    As a general rule .pac and .dat files are pretty much the same.. except in the way that you host them and the dns requirements.

    Generally I would recommend hosting a .pac file and going with that. If your bent on the wpad.dat file the big gotcha is to ensure dns works both forward and backwards.

    It sounds like perhaps there may also be an error in the file its self.. in most cases if a non ie browser fails to enact the proxy it may default to just sending the traffic out the gateway.. or visa versa..  if this happens traffic for an internal site may end up on the rong side of the firewall.

    Some easy things to check

    Ensure the appliance and .dat host are resolvable both forwards and back long and short name.

    Configure the browser to only use the ip and ensure ‘do not proxy local traffic’ is checked off.. then use the dat file

    Ensure you do all testing with private browser tabs to make sure the pages are not cached

    Under the options menu ensure caching is disabled, if its enabled clear it and disable it

    A trace-route may show different paths to the same site.. if your into wire-shark compare pcaps

    Also export the sophos log to a syslog server.. you should not see your ip in the logs if the request is going direct

    Here is a sample to some other goodies regarding .pac files

Children
No Data