connection towards proxy is intermittent


Hi all! I'm new to this forum and would like to seek help or guidance from you guys.

I have a Sidewinder pair (MFE 1100F 8.2.1) with rules created to access a proxy server (another infrastructure) from clients' web browsers.

However, I am seeing a lot of sessions with application Unknown TCP, while some of the traffic is seeing HTTP as the application.

2015-03-30 13:04:20 +0800 f_kernel_ipfilter a_general_area t_nettraffic p_major
hostname: xxxxxxxx event: session end
application: <Unknown TCP> netsessid: 6191e5518d954 srcip: zzz.zzz.zzz.zzzz
srcport: 52820 srczone: LAN protocol: 6 dstip: yyy.yyy.yyy.yyy
dstport: 9090 dstzone: WAN bytes_written_to_client: 0
bytes_written_to_server: 0
rule_name: <Pending Application Identification> cache_hit: 0
start_time: 2015-03-30 13:04:20 +0800

From the same source, I can see some traffic passing through.

2015-03-30 13:04:20 +0800 f_kernel_ipfilter a_general_area t_nettraffic p_major
hostname: xxxxxxx event: session end application: HTTP
app_risk: low app_categories: infrastructure netsessid: 6117d5518d953
srcip: zzz.zzz.zzz.zzz srcport: 52784 srczone: NON-SOE protocol: 6
dstip: yyy.yyy.yyy.yyy dstport: 9090 dstzone: SOE-WAN
bytes_written_to_client: 12015 bytes_written_to_server: 7272
rule_name: Surf rule 1 cache_hit: 0
start_time: 2015-03-30 13:04:19 +0800

SSL: no decryption. The policy rule is as below.

Applications: TCP 4714 (PAC file port), TCP 9090 (proxy server), SSL/TLS and override ports

TCP 9090 is configured with HTTP as the parent application, with TCP and SSL configured as 9090.

Defense group-wise, I have created a no-proxy group, with most things left at their defaults. Did I miss anything in the configuration?

Thanks in advance!
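The two audits quoted above carry the symptom in their fields: a session that ends on rule_name <Pending Application Identification> with bytes_written_to_client and bytes_written_to_server both 0 never matched an application, while the session that matched Surf rule 1 was identified as HTTP and moved data. As an added example (not code from the post, nor a McAfee tool), the Python below parses that key: value audit format and counts, per (srcip, dstip, dstport) flow, how many session-end records were identified versus how many died on the pending-identification rule with nothing written. A flow with both kinds is "intermittent" in exactly the sense the post describes. The sample records are constructed in the field order of the audits above; hostname, addresses and netsessid values are placeholders.

```python
import re
from collections import defaultdict

# Constructed sample audit records (not from the original post): one record per line,
# in the field order of the two "session end" audits quoted above. The hostname,
# addresses and session ids are placeholders.
SAMPLE_AUDIT = """\
2015-03-30 13:04:19 +0800 f_kernel_ipfilter a_general_area t_nettraffic p_major hostname: fw01 event: session end application: HTTP app_risk: low app_categories: infrastructure netsessid: s0001 srcip: 10.1.1.25 srcport: 52784 srczone: LAN protocol: 6 dstip: 192.0.2.10 dstport: 9090 dstzone: WAN bytes_written_to_client: 12015 bytes_written_to_server: 7272 rule_name: Surf rule 1 cache_hit: 0 start_time: 2015-03-30 13:04:19 +0800
2015-03-30 13:04:20 +0800 f_kernel_ipfilter a_general_area t_nettraffic p_major hostname: fw01 event: session end application: <Unknown TCP> netsessid: s0002 srcip: 10.1.1.25 srcport: 52820 srczone: LAN protocol: 6 dstip: 192.0.2.10 dstport: 9090 dstzone: WAN bytes_written_to_client: 0 bytes_written_to_server: 0 rule_name: <Pending Application Identification> cache_hit: 0 start_time: 2015-03-30 13:04:20 +0800
2015-03-30 13:04:21 +0800 f_kernel_ipfilter a_general_area t_nettraffic p_major hostname: fw01 event: session end application: HTTP app_risk: low app_categories: infrastructure netsessid: s0003 srcip: 10.1.1.30 srcport: 40112 srczone: LAN protocol: 6 dstip: 192.0.2.10 dstport: 4714 dstzone: WAN bytes_written_to_client: 844 bytes_written_to_server: 310 rule_name: Surf rule 1 cache_hit: 0 start_time: 2015-03-30 13:04:21 +0800
2015-03-30 13:04:22 +0800 f_kernel_ipfilter a_general_area t_nettraffic p_major hostname: fw01 event: session end application: <Unknown TCP> netsessid: s0004 srcip: 10.1.1.25 srcport: 52831 srczone: LAN protocol: 6 dstip: 192.0.2.10 dstport: 9090 dstzone: WAN bytes_written_to_client: 0 bytes_written_to_server: 0 rule_name: <Pending Application Identification> cache_hit: 0 start_time: 2015-03-30 13:04:22 +0800
"""

# Record header: timestamp with offset, then facility, area, type and priority tokens.
HEADER_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2} [+-]\d{4}) "
    r"(?P<facility>f_\w+) (?P<area>a_\w+) (?P<type>t_\w+) (?P<priority>p_\w+) (?P<rest>.*)$"
)
# A field key is lowercase letters/underscores followed by a colon, at the start of the
# remainder or after whitespace; the value runs until the next key, so values with
# spaces (e.g. "session end", "Surf rule 1", the start_time) are kept whole.
KEY_RE = re.compile(r"(?:^|\s)([a-z_]+):\s*")

PENDING_RULE = "<Pending Application Identification>"


def parse_audit_record(line):
    """Turn one audit line into a dict, or return None if it is not an audit record."""
    m = HEADER_RE.match(line.strip())
    if m is None:
        return None
    rec = {k: m.group(k) for k in ("ts", "facility", "area", "type", "priority")}
    rest = m.group("rest")
    keys = list(KEY_RE.finditer(rest))
    for i, km in enumerate(keys):
        end = keys[i + 1].start() if i + 1 < len(keys) else len(rest)
        rec[km.group(1)] = rest[km.end():end].strip()
    return rec


def classify_sessions(audit_text):
    """Per (srcip, dstip, dstport) flow, count session-end records the firewall
    identified versus those that ended on the pending rule with nothing written."""
    stats = defaultdict(lambda: {"identified": 0, "unidentified": 0, "bytes": 0})
    for line in audit_text.splitlines():
        rec = parse_audit_record(line)
        if rec is None or rec["type"] != "t_nettraffic" or rec.get("event") != "session end":
            continue
        flow = (rec["srcip"], rec["dstip"], rec["dstport"])
        total = int(rec.get("bytes_written_to_client", 0)) + int(rec.get("bytes_written_to_server", 0))
        if rec.get("rule_name") == PENDING_RULE and total == 0:
            stats[flow]["unidentified"] += 1
        else:
            stats[flow]["identified"] += 1
        stats[flow]["bytes"] += total
    return dict(stats)


def intermittent_flows(stats):
    """Flows that sometimes pass and sometimes die before application identification."""
    return sorted(f for f, s in stats.items() if s["identified"] and s["unidentified"])


if __name__ == "__main__":
    stats = classify_sessions(SAMPLE_AUDIT)
    for flow, s in sorted(stats.items()):
        print(f"{flow[0]} -> {flow[1]}:{flow[2]}  identified={s['identified']} "
              f"unidentified={s['unidentified']} bytes={s['bytes']}")
    print("intermittent:", intermittent_flows(stats))
```

On a real export the records are usually one per line already; the forum post split each audit across several lines, so join such a record with spaces before feeding it to parse_audit_record. Filtering on type t_nettraffic and event "session end" keeps the session-start audits (which never carry byte counts) from being counted as unidentified.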

Accepted Solution
sliedl
Level 14
Message 2 of 2

Re: connection towards proxy is intermittent


If you are trying to do non-transparent HTTP and HTTPS through the firewall, you must include the SSL/TLS application in your rules also, and then override the SSL port to include the port you are doing HTTPS on (assuming you've changed this from the default of 443). The "SSL" setting in the Applications does not pass SSL traffic; it is alerting you to the fact that this application may also tunnel over SSL. The SSL/TLS application is the application which can pass this traffic.

Make sure you are at 8.2.1P08 at least, the latest version of 8.2.1. I suggest you upgrade this firewall to 8.3.2P06 when you can also, to take advantage of the latest code fixes and CVE fixes.
