cancel
Showing results for 
Search instead for 
Did you mean: 
kazgor
Level 7

MWG 7.2 with NTLM authentification google issue

Jump to solution

Hi All

We have the issue with google pages.

If client try to get google page, the "authentication required" page is recieved by MWG with following line:

HTTP/1.1 407 authenticationrequired Via: 1.1 10.42.1.100 (McAfee Web Gateway 7.2.0.9.0.15293) Content-Type:

text/html Cache-Control: no-cache Content-Length: 2742 Proxy-Connection: Keep-Alive Proxy-Authenticate:

NTLM TlRMTVNTUAACAAAAAAAAAAAAAAAFgokAseGLXkqkl54AAAAAAAAAAAAAAAAAAAAA   

If we bypass the authentication rules, everything goes good.

We have this issue only with google pages (others are without problem) and time to time (same machine).

Our configuration:

MWG 7.2.0.9 (appliance)

Authetification: NTLM

Client: Windows 7,XP,2008

IE 8,9,10

I made the tcpdump on MWG for both scenario

gnoauth.pcap - authentication rules are bypassed

gauth.pcap - authentication rules are enabled

(10.42.1.100 - WebGateway IP, 10.42.11.25 - Client IP)

Thank you for every suggestion

0 Kudos
1 Solution

Accepted Solutions
asabban
Level 17

Re: MWG 7.2 with NTLM authentification google issue

Jump to solution

Hello,

from what I can see in the dump everything looks fine. The browser asks for google.cz, MWG answers with 407 and provides possible authemtication schemes (NTLM, Basic). The browser asks for google.cz again setting up NTLM (NTLMSSP_NEGOTIATE message). MWG correctly sends a 407 with NTLMSSP_CHALLENGE message, then the browser does not continue. The browser now has to contact MWG again and send NTLMSSP_AUTH message in order to finish NTLM authentication, but the packet capture does not contain this request.

It could be a problem of browser/OS or an invalid response sent by MWG which I didn't notice. I recommend filing an SR with support to have this checked. From what I can see MWG works as expected.

Best,

Andre

0 Kudos
2 Replies
asabban
Level 17

Re: MWG 7.2 with NTLM authentification google issue

Jump to solution

Hello,

from what I can see in the dump everything looks fine. The browser asks for google.cz, MWG answers with 407 and provides possible authemtication schemes (NTLM, Basic). The browser asks for google.cz again setting up NTLM (NTLMSSP_NEGOTIATE message). MWG correctly sends a 407 with NTLMSSP_CHALLENGE message, then the browser does not continue. The browser now has to contact MWG again and send NTLMSSP_AUTH message in order to finish NTLM authentication, but the packet capture does not contain this request.

It could be a problem of browser/OS or an invalid response sent by MWG which I didn't notice. I recommend filing an SR with support to have this checked. From what I can see MWG works as expected.

Best,

Andre

0 Kudos
kazgor
Level 7

Re: MWG 7.2 with NTLM authentification google issue

Jump to solution

Hi Andre

Thank you for response.

It looks like that traffic is influenced by antivirus on clients PCs.

0 Kudos