cancel
Showing results for 
Search instead for 
Did you mean: 
jsimon2010
Level 7

Issue with Page cannot be displayed...

Jump to solution

Greetings:

I have noticed a issue in which I am having trouble tracking down.  Recently we deployed Web Gateway which replaced our Web Washer unit.  We have a Spam Filter in an Extranet Zone where users can login to with a web browser and add or remove SMTP addresses from thier white/black lists.  Users have not had issues accessing this server prior to deployment.

If a user attempts to go to the Spam Filter's URL, the browser displays a "page could not be displayed."  If we then go to another site, say google.com and get that page to load and subsequently try the Spam Filter address again, it will connect.  In the access.log, I see the initial connection that fails does not have the user name but simply "".  Once the user goes to another site and then trys again which is successful, the access.log shows the username in the connection to the spam filter.  The URL to the spam filter is specific to the user and is as follows:  https://oscsacppt01.xxx.xxx/enduser/process.cgi?cmd=editprofile&recipient=user.name@xxx.xxx&msg_id=(...

The access.log contains the following entrys:

[03/Jun/2011:08:54:08 -0700] "" 172.17.10.141 302 "CONNECT https://oscsacppt01.xxx.xxx HTTP/1.0" "" "-" "" 2830 "" "" "0"  (Failed Attempt)

[03/Jun/2011:08:54:37 -0700] "JohnDoe" 172.17.10.141 200 "CONNECT https://oscsacppt01.xxx.xxx HTTP/1.0" "Government/Military" "Minimal Risk" "" 2715 "" "" "0" (Successful Connection)

[03/Jun/2011:08:54:39 -0700] "JohnDoe" 172.17.10.141 200 "CONNECT https://oscsacppt01.xxx.xxx HTTP/1.0" "Government/Military" "Minimal Risk" "" 145 "" "" "0" (Successful Connection)

I am seeing this behavior as well at this URL:

https://ecat.em.att.com/enter.authentication?LOGIN

[03/Jun/2011:08:14:10 -0700] "" 172.17.10.141 302 "CONNECT https://ecat.em.att.com HTTP/1.0" "" "-" "" 2815 "" "" "0" (Failed Attempt)

[03/Jun/2011:08:14:25 -0700] "JohnDoei" 172.17.10.141 200 "CONNECT https://ecat.em.att.com HTTP/1.0" "Internet Services" "Minimal Risk" "" 3395 "" "" "0" (Successful Connection)

I am curious if anyone else has run across this behavior?

Version 7.1.0.2

Transparent Proxy

NTLM Authentication

0 Kudos
1 Solution

Accepted Solutions
McAfee Employee

Re: Issue with Page cannot be displayed...

Jump to solution

Spoke to Justin about this, it was occurring because SSL scanning was not enabled, which left the Web Gateway unable to redirect away from an SSL site to the authentication server.

I sent Justin a ruleset which includes the necessary components to properly redirect away from SSL sites for authentication purposes.

~jon

0 Kudos
1 Reply
McAfee Employee

Re: Issue with Page cannot be displayed...

Jump to solution

Spoke to Justin about this, it was occurring because SSL scanning was not enabled, which left the Web Gateway unable to redirect away from an SSL site to the authentication server.

I sent Justin a ruleset which includes the necessary components to properly redirect away from SSL sites for authentication purposes.

~jon

0 Kudos