cancel
Showing results for 
Search instead for 
Did you mean: 

The proxy could not connect to destination in time (how to whitelist)

Hi,

I have a problem, when I try to view a big pdf file on a site (unfortunately I can't post the url, because it's a business site, which requires a log on) and get the "The proxy could not connect to destination in time" error. Without the proxy I can view the file normaly. I would like to know what can I do (or which rule prevents me from viewing) to solve this issue.

Thank you and best regards

2 Replies
mkutrieba McAfee Employee
McAfee Employee
Report Inappropriate Content
Message 2 of 3

Re: The proxy could not connect to destination in time (how to whitelist)

Hi,

this error message normally means, that connection to external site could not be established. So connection ran into TCP or HTTP timeout (2 minutes by default). In general, this is a HTTP status code beginning with 5XX.

 

You can check the HTTP response with rule trace. Capture it, reproduce the issue, then select the proper download request in the rule trace, click on top properties and you will see the status code which should be 502 for example.

 

But to properly troubleshoot this, debug data like feedback file, rule trace, tcpdump and connection traces are needed since whole connection could fail or specific GET request within the connection (in case it is HTTPS).

 

You can run a test by creating a global bypass rule to see if issue is policy or network related but most-likely it is network related.
Example rule which 100% bypasses your traffic for testing purpose:
Client.IP equals <your client IP>, Action: Stop Cycle, Event: Enable HTTP Tunnel

Move this rule to top of the rule set, save the change and try again. In case it works, you will see the PDF in case it fails, you theoretically/technically should see a browser block page now (if it is HTTPS), since MWG sends HTTP response (block page) to HTTPS request in browser.

 

If you cannot further figure out the problem, I would advise to open a SR and attach above mentioned debug data. You can also PM me the SR number that I can take over this if you want.

Regards,
Marcel Kutrieba
Technical Support Engineer
aloksard McAfee Employee
McAfee Employee
Report Inappropriate Content
Message 3 of 3

Re: The proxy could not connect to destination in time (how to whitelist)

Hi,

Hope you are doing well.

 

If the timeout here is coming into picture, then you increase timeout for this particular traffic.

 

https://community.mcafee.com/t5/Documents/Web-Gateway-Understanding-HTTP-502-s/ta-p/554073

 

Look for Timeout Exceeded  part in above link.

 

Was my reply helpful?
If you find this post useful, Please give it a Kudos! Also, Please don't forget to select "Accept as a solution" if this reply resolves your query!

 

Regards

Alok Sarda

You Deserve an Award
Don't forget, when your helpful posts earn a kudos or get accepted as a solution you can unlock perks and badges. Those aren't the only badges, either. How many can you collect? Click here to learn more.

Community Help Hub

    New to the forums or need help finding your way around the forums? There's a whole hub of community resources to help you.

  • Find Forum FAQs
  • Learn How to Earn Badges
  • Ask for Help
Go to Community Help

Join the Community

    Thousands of customers use the McAfee Community for peer-to-peer and expert product support. Enjoy these benefits with a free membership:

  • Get helpful solutions from McAfee experts.
  • Stay connected to product conversations that matter to you.
  • Participate in product groups led by McAfee employees.
Join the Community
Join the Community