We are a local govt. agency and must connect to other agencies (like the county) for certain services. After testing the MWG7 in our PD they cannot get through and the gateway gives a Proxy received an invalid response screen.
In the bottom lefthand of the screen you can see that the rule is being applied, but the site is being stopped for some reason.
Here is my rule to allow the site:
If it helps, before I pute the Trusted Sites rule into place, this page was being blocked by the "Block is Virus was Found" rule.
Any help is greatly appreciated and the ASAPier the better
Solved! Go to Solution.
This looks like there is something strange communicated back by the destination Website. I think a tcpdump will most likely reveal what is happening. Are you able to create one for us to check?
please go to the Troubleshooting section on the GUI. You can create a Packet Capture there.
There is a command line on the top which should take "-s 0" as a parameter. Then click "start", replicate the issue, click "stop" and send in the result.
Okay, so unbeknownst to me the county's side only accepted IP within a certain range from our city. So, I quickly added another IP to the Gateway and changed the Gateway's gateway (ha!) and everything is fine now
Thanks for all your help, more questions coming soon!
...like seriously, 5 minutes soon.
Thank you for your question.
The best method to find the cause is to get a network capture going out to the site in question without the proxy.
Then point to the proxy and replicate whilst running a new network capture and compare the two.
Wireshark is such a indispensible tool I wouldn't know what to do without it (wireshark.org)
If I suspect being the host sending invalid HTTP responses I disable all my rule sets and replicate going through the proxy. At the same time, since this is a "trusted" site you should have a white list above all your rule sets which will stop the cycle and thus bypass all filtering if you belive this to be cause.on 11/19/10 8:42:58 AM CST
why do you want to change the address of the interface?
This has to be done via the gui for this to be permanent.
However, to change it via the command line run:
ifconfig eth0 192.168.0.1 netmask 255.255.255.0
This is just an example.