yerkogofes
Level 7

The proxy could not connect to the destination in time (REVERSE PROXY).


Hi team,

I'm trying to set up a lab for a POC using McAfee Web Gateway in Reverse Proxy mode, but when I make a connection from a client (Internet) to the public IP on a specific port, this is the message:

messaage .jpg

My topology is very simple:

request .jpg

User -> http://<Public IP>:1111 -> FW makes NAT to MWG IP .77 -> MWG does its processing, for example GAM analysis -> forwards or redirects the connection to server 192.168.168.174:80 (IIS on Windows).

1111.jpg

22222.jpg

I don't know if the problem is in the network connection and configuration in the reverse proxy.

I think that the problem is in MWG, because the connection comes to the proxy and then doesn't go to the web server.


I need help. If somebody has information or examples, please let me know.

Yerko

0 Kudos
1 Solution

Accepted Solutions
McAfee Employee

Re: The proxy could not connect to the destination in time (REVERSE PROXY).


Hi Yerko!

Your rule is incorrect, you changed it from URL.Host matches... to Connection.Protocol matches http://**:1111. This would never work. Connection.Protocol would only ever equal something like HTTP, HTTPS, SSL, FTP, SOCKS, etc... this has to do with the protocol of the incoming connection.

Take a look at the examples below your rule and their use of URL.Host in the criteria. Stick to the examples rather than forming your own for now.

There is also a best practice on configuring reverse proxy.

If you only have one site configured, I'd suggest setting the criteria to Always instead of "Connection.Protocol matches...". Once you have more sites you'll probably want URL.Host based rules.

The rules are meant to map the incoming request to the backend server.

Best Regards,

Jon

0 Kudos
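An added illustration of the point in the accepted answer, not McAfee code and not MWG rule syntax: a simplified Python model of how a rule criterion is compared against a request property, with a check that flags `Connection.Protocol` criteria that can never match. Assumptions: `fnmatchcase` stands in for MWG wildcard matching, 203.0.113.10 is a placeholder for the public IP, the protocol list is only the names given in the answer, and all function names are hypothetical.

```python
from fnmatch import fnmatchcase
from urllib.parse import urlsplit

# Protocol names listed in the answer (the answer ends with "etc.", so not exhaustive).
PROTOCOLS = ["HTTP", "HTTPS", "SSL", "FTP", "SOCKS"]
BACKEND = "192.168.168.174:80"  # IIS server from the question

# Constructed sample request; 203.0.113.10 is a placeholder public IP.
SAMPLE = {"url": "http://203.0.113.10:1111/index.html", "incoming_protocol": "HTTP"}

def properties(request):
    """Derive the two properties discussed in the thread from a request."""
    parts = urlsplit(request["url"])
    return {
        "Connection.Protocol": request["incoming_protocol"],  # a protocol name only
        "URL.Host": parts.hostname,                            # host without scheme or port
    }

def route(request, rules):
    """Return the backend of the first rule whose criterion matches, else None."""
    props = properties(request)
    for prop, pattern, backend in rules:
        if prop == "Always" or fnmatchcase(props[prop], pattern):
            return backend
    return None

def unreachable_rules(rules):
    """Flag Connection.Protocol criteria that match none of the known protocol names."""
    return [
        (prop, pattern, backend)
        for prop, pattern, backend in rules
        if prop == "Connection.Protocol"
        and not any(fnmatchcase(name, pattern) for name in PROTOCOLS)
    ]

# The rule from the question: a URL-shaped pattern compared against a protocol name.
BROKEN = [("Connection.Protocol", "http://**:1111", BACKEND)]
# Single-site setup, as suggested in the answer.
SINGLE_SITE = [("Always", None, BACKEND)]
# Host-based mapping for several sites; the first entry is a constructed second site.
BY_HOST = [("URL.Host", "intranet.example.test", "192.0.2.20:80"),
           ("URL.Host", "203.0.113.10", BACKEND)]

if __name__ == "__main__":
    for name, rules in [("broken", BROKEN), ("always", SINGLE_SITE), ("by host", BY_HOST)]:
        print(name, "->", route(SAMPLE, rules), "| unreachable:", unreachable_rules(rules))
```
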
2 Replies
yerkogofes
Level 7

Re: The proxy could not connect to the destination in time (REVERSE PROXY).

Hi Jon, thanks for your reply.

I modified my rules and then the connection was successfully passing through the MWG "Reverse Proxy".

1_3.jpg


This is my rule:

2_2.jpg


I can access my web server from the internet, passing through MWG (Reverse Proxy).

Now... I need more information to make a proof of concept and show value for the customer using MWG "Reverse Proxy".

I think that a good option is to show the "GAM" feature while a user on the internet (me) tries to upload a file to the web server, passing through MWG. The idea is to use a clean file and another file with malicious code... For example, one folder to www.ngfw-se.com

What do you think about this idea, and can you recommend other tests? (I am an SE from the LATAM team.)

Regards

Yerko

0 Kudos