
connection towards proxy is intermittent


Hi all! New to this forum, and I would like to seek help or guidance from you guys.

I have this Sidewinder pair (MFE 1100F 8.2.1) with rules created to access a proxy server (another infra) from clients' web browsers.

However, I am seeing a lot of application Unknown TCP, while some of the traffic is seeing HTTP as the application.

2015-03-30 13:04:20 +0800 f_kernel_ipfilter a_general_area t_nettraffic p_major
hostname:xxxxxxxx event: session end
application: <Unknown TCP> netsessid: 6191e5518d954 srcip: zzz.zzz.zzz.zzzz
srcport: 52820 srczone: LAN protocol: 6 dstip: yyy.yyy.yyy.yyy
dstport: 9090 dstzone: WAN bytes_written_to_client: 0
bytes_written_to_server: 0
rule_name: <Pending Application Identification> cache_hit: 0
start_time: 2015-03-30 13:04:20 +0800

From the same source, I can see some traffic passing through.

2015-03-30 13:04:20 +0800 f_kernel_ipfilter a_general_area t_nettraffic p_major
hostname: xxxxxxx event: session end application: HTTP
app_risk: low app_categories: infrastructure netsessid: 6117d5518d953
srcip: zzz.zzz.zzz.zzz srcport: 52784 srczone: NON-SOE protocol: 6
dstip: yyy.yyy.yyy.yyy dstport: 9090 dstzone: SOE-WAN
bytes_written_to_client: 12015 bytes_written_to_server: 7272
rule_name: Surf rule 1 cache_hit: 0
start_time: 2015-03-30 13:04:19 +0800

SSL no decryption; policy rule as per below.

Application: TCP4714(pac file port), tcp9090(proxy server), SSL/TLS and override ports

tcp9090 is configured with parent application HTTP, with TCP and SSL configured as 9090.

Defense group wise, I have created a no proxy group, with most of the things left as default. Did I miss out anything in the configuration?

Thanks in advance!


Re: connection towards proxy is intermittent


If you are trying to do non-transparent HTTP and HTTPS through the firewall, you must include the SSL/TLS application in your rules also and then override the SSL port to include the port you are doing HTTPS on (assuming you've changed this from the default of 443). The "SSL" setting in the Applications does not pass SSL traffic; it is alerting you to the fact that this application may also tunnel over SSL. The SSL/TLS application is the app which can pass this traffic.

Make sure you are at 8.2.1P08 at least, the latest version of 8.2.1. I suggest you upgrade this firewall to 8.3.2P06 when you can also, to take advantage of the latest code fixes and CVE fixes.

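A small triage script for the kind of audit records pasted in the question: it parses the t_nettraffic "key: value" records, then groups completed sessions by destination port and counts how many were torn down under "Pending Application Identification" with zero bytes in either direction versus how many were classified (HTTP, SSL/TLS, ...) and actually carried data. Run against a day of audit output it shows at a glance whether the proxy port is still producing unidentified zero-byte sessions after the rule change the answer describes. This is an added example, not code from the thread or from McAfee; the field names are the ones visible in the question's paste, while the header layout (timestamp, facility, area, type, priority), the sample hostnames, addresses and session IDs, and the third SSL/TLS record are constructed assumptions.

```python
import re
from collections import defaultdict

# Constructed sample modelled on the two records in the question. Hostname, IPs and
# session IDs are placeholders; the third record is invented to show a classified
# SSL/TLS session on the same proxy port.
SAMPLE_AUDIT = """\
2015-03-30 13:04:20 +0800 f_kernel_ipfilter a_general_area t_nettraffic p_major
hostname: fw1 event: session end
application: <Unknown TCP> netsessid: 6191e5518d954 srcip: 10.0.0.5
srcport: 52820 srczone: LAN protocol: 6 dstip: 192.0.2.10
dstport: 9090 dstzone: WAN bytes_written_to_client: 0
bytes_written_to_server: 0
rule_name: <Pending Application Identification> cache_hit: 0
start_time: 2015-03-30 13:04:20 +0800

2015-03-30 13:04:20 +0800 f_kernel_ipfilter a_general_area t_nettraffic p_major
hostname: fw1 event: session end application: HTTP
app_risk: low app_categories: infrastructure netsessid: 6117d5518d953
srcip: 10.0.0.5 srcport: 52784 srczone: LAN protocol: 6
dstip: 192.0.2.10 dstport: 9090 dstzone: WAN
bytes_written_to_client: 12015 bytes_written_to_server: 7272
rule_name: Surf rule 1 cache_hit: 0
start_time: 2015-03-30 13:04:19 +0800

2015-03-30 13:04:25 +0800 f_kernel_ipfilter a_general_area t_nettraffic p_major
hostname: fw1 event: session end application: SSL/TLS
app_risk: low app_categories: infrastructure netsessid: 6117d5518d960
srcip: 10.0.0.5 srcport: 52790 srczone: LAN protocol: 6
dstip: 192.0.2.10 dstport: 9090 dstzone: WAN
bytes_written_to_client: 3010 bytes_written_to_server: 912
rule_name: Surf rule 1 cache_hit: 0
start_time: 2015-03-30 13:04:24 +0800
"""

# Field names taken from the question's paste. Values may contain spaces
# ("session end", "Surf rule 1"), so the record is split on known keys rather
# than on whitespace. Angle brackets around application/rule names are dropped.
KEYS = ("hostname", "event", "application", "app_risk", "app_categories",
        "netsessid", "srcip", "srcport", "srczone", "protocol", "dstip",
        "dstport", "dstzone", "bytes_written_to_client",
        "bytes_written_to_server", "rule_name", "cache_hit", "start_time")

# Assumed header layout: timestamp, facility, area, type, priority.
HEADER_RE = re.compile(
    r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2} [+-]\d{4}) (\S+) (\S+) (\S+) (\S+)$",
    re.M)
KV_RE = re.compile(r"\b(" + "|".join(KEYS) + r"):\s*")


def parse_records(text):
    """Return one dict per audit record found in text."""
    records = []
    headers = list(HEADER_RE.finditer(text))
    for i, h in enumerate(headers):
        end = headers[i + 1].start() if i + 1 < len(headers) else len(text)
        body = " ".join(text[h.end():end].split())  # join continuation lines
        parts = KV_RE.split(body)  # ['', key1, val1, key2, val2, ...]
        rec = {"timestamp": h.group(1), "facility": h.group(2),
               "area": h.group(3), "type": h.group(4), "priority": h.group(5)}
        for key, val in zip(parts[1::2], parts[2::2]):
            rec[key] = val.strip().strip("<>")
        records.append(rec)
    return records


def triage_by_port(records):
    """Per destination port: sessions that ended while still pending application
    identification with nothing written either way, versus classified sessions."""
    summary = defaultdict(
        lambda: {"pending_zero_byte": 0, "classified": 0, "apps": set()})
    for r in records:
        if r.get("event") != "session end":
            continue
        s = summary[int(r["dstport"])]
        zero_bytes = (int(r.get("bytes_written_to_client", 0)) == 0
                      and int(r.get("bytes_written_to_server", 0)) == 0)
        if r.get("rule_name") == "Pending Application Identification" and zero_bytes:
            s["pending_zero_byte"] += 1
        else:
            s["classified"] += 1
            s["apps"].add(r.get("application", "?"))
    return dict(summary)


def format_summary(summary):
    lines = []
    for port in sorted(summary):
        s = summary[port]
        lines.append(f"dstport {port}: {s['pending_zero_byte']} zero-byte session(s) "
                     f"ended before identification, {s['classified']} classified "
                     f"({', '.join(sorted(s['apps'])) or 'none'})")
    return "\n".join(lines)


if __name__ == "__main__":
    print(format_summary(triage_by_port(parse_records(SAMPLE_AUDIT))))
```

A high pending_zero_byte count on the proxy port after the rule already lists HTTP and SSL/TLS (with the SSL port override) points at something other than application matching, so the same summary is a useful before/after check for the change in the answer.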
