
SOCKS Proxy Ruleset and Logging

Hello All,

I've used the articles and threads on the communities site to learn quite a bit, but SOCKS information is pretty sparse. My hope is that my question will help someone in the future facing the same issues. We have SOCKS set up for several services already, but we're looking to change over to the GUI setup for ease of management.

First off, I've added the Common Rules/SOCKS Proxy from the Rule Set Library in 7.4.2.x.x. In there I've added a new rule under "SOCKS Proxy > Protocol Detection > below Block Protocols that are not in protocol whitelist". Is this the proper place for new rules?

For the rule I created, my trace looks as such:

SOCKS:     (remove X-Forwarded-For)

SOCKS://DestinationIP:Port   (hits my stop cycle rule)

SOCKS://DestinationIP:Port   (SOCKS Proxy > Protocol Detection > Enable Filtering)

SOCKS://DestinationIP:Port   (Remove Headers > remove X-Forwarded-For)

Does this look normal?

Lastly, my knowledge of the logging facilities leaves a bit to be desired. How would I set up the logging to show something along these lines?

Aug 26 19:16:29 (1409080589.821634) sockd[<PID>]: info: block(3): tcp/accept ]: <Src_IP.Port> <Dst_IP.Port>
