6 Replies Latest reply on Oct 4, 2011 10:57 AM by gsr_privado

    Skip host from authentication rule set

      Hello

      I need to connect from the internal network to the Internet, to the IMED web services, through the Web Gateway 7 in transparent bridge mode.

      The requirements are:
      200.0.156.42 (Port 80 without content filters) (Autentia Services)
      200.0.156.45 (Port 80 without content filters) (Reports)
      200.0.156.52 (Ports 10241 to 10249 without content filters) (electronic voucher)
      200.0.156.55 (Ports 10241 to 10249 without content filters) (load balancer address)
      200.0.156.75 (Port 7003 without content filters) (business cards)
      190.54.28.211 (Port 80 without content filters) (IMED service monitor)
      200.0.156.141 (Port 10540 without content filters) (Test Environment)

      I tried to create a rule set to bypass the request, but it didn't work with url.host or url.destinationip; it only worked when I created criteria on client.ip for one internal IP address, and I can't do this with a destination IP.

      We need to skip authentication for the IMED services.

      Thanks for any help

        • 1. Re: Skip host from authentication rule set
          ittech

          You would have to have a stop rule before your Authentication rule.

          Something along the lines of:

          If Client.IP is in list YOUR LIST (I find lists work better in these situations)

          Stop Cycle

          If you still want it to be filtered through the AV, that can be accomplished. Let me know, I'll give you a more detailed example.

          Message was edited by: ittech on 9/30/11 9:00:01 AM EDT
          • 2. Re: Skip host from authentication rule set

            Thanks ittech

            We need to filter by destination IP; filtering by client IP is not an option.

            We need these IP addresses to pass directly to the Internet without authentication or proxy.

            The traffic is not HTTP. Could you show me an example of how to do that?

            Regards

            • 3. Re: Skip host from authentication rule set
              Jon Scholten

              Same as above but...

              If URL.Destination.IP is in list YOUR LIST (I find lists work better in these situations)

              Stop Cycle

              I have reservations about this working, as the traffic is not HTTP though.

              ~jon

              Message was edited by: jscholte, changed property from URL.IP.Destination to URL.Destination.IP on 9/30/11 8:56:27 AM CDT
              • 4. Re: Skip host from authentication rule set
                ittech

                Okay, first things first. Sorry if I misread your post.

                Now, I'm wondering why your URL.Dest.Ip rule didn't work.

                 Shouldn't the MWG7 only filter ports 80 and 443, assuming you're only filtering HTTP and HTTPS?

                 Like this (attached screenshot: 1.png)

                • 5. Re: Skip host from authentication rule set
                  asabban

                  Hello,

                  In this transparent bridge mode, all packets which come from a client and have a destination port of 80 or 443 are intercepted by Web Gateway and sent into the proxy port 9090 for inspection. All other packets (which have a different destination port) will simply be passed from A to B.

                  Best,

                  Andre

                  • 6. Re: Skip host from authentication rule set

                    Hi,

                    The problem was a bad packet format:

                    No.     Time        Source                Destination           Protocol Length Info                                                            Destination Port
                        355 6.603447    172.21.23.62          200.0.156.42          HTTP     348    POST /cgi-bin/autentia3-tran.fcgi HTTP/1.1  (text/plain)        http

                    Frame 355: 348 bytes on wire (2784 bits), 348 bytes captured (2784 bits)
                        Arrival Time: Sep 30, 2011 03:18:16.744702000 Hora verano Sudamérica Pacífico
                        Epoch Time: 1317363496.744702000 seconds
                        [Time delta from previous captured frame: 0.001432000 seconds]
                        [Time delta from previous displayed frame: 0.001876000 seconds]
                        [Time since reference or first frame: 6.603447000 seconds]
                        Frame Number: 355
                        Frame Length: 348 bytes (2784 bits)
                        Capture Length: 348 bytes (2784 bits)
                        [Frame is marked: False]
                        [Frame is ignored: False]
                        [Protocols in frame: eth:ip:tcp:http:data-text-lines]
                        [Coloring Rule Name: HTTP]
                        [Coloring Rule String: http || tcp.port == 80]
                    Ethernet II, Src: HewlettP_0d:a7:9a (00:16:35:0d:a7:9a), Dst: Cisco_b2:20:cd (08:17:35:b2:20:cd)
                        Destination: Cisco_b2:20:cd (08:17:35:b2:20:cd)
                            Address: Cisco_b2:20:cd (08:17:35:b2:20:cd)
                            .... ...0 .... .... .... .... = IG bit: Individual address (unicast)
                            .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
                        Source: HewlettP_0d:a7:9a (00:16:35:0d:a7:9a)
                            Address: HewlettP_0d:a7:9a (00:16:35:0d:a7:9a)
                            .... ...0 .... .... .... .... = IG bit: Individual address (unicast)
                            .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
                        Type: IP (0x0800)
                    Internet Protocol Version 4, Src: 172.21.23.62 (172.21.23.62), Dst: 200.0.156.42 (200.0.156.42)
                        Version: 4
                        Header length: 20 bytes
                        Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport))
                            0000 00.. = Differentiated Services Codepoint: Default (0x00)
                            .... ..00 = Explicit Congestion Notification: Not-ECT (Not ECN-Capable Transport) (0x00)
                        Total Length: 334
                        Identification: 0x6b4f (27471)
                        Flags: 0x02 (Don't Fragment)
                            0... .... = Reserved bit: Not set
                            .1.. .... = Don't fragment: Set
                            ..0. .... = More fragments: Not set
                        Fragment offset: 0
                        Time to live: 128
                        Protocol: TCP (6)
                        Header checksum: 0x66dc [correct]
                            [Good: True]
                            [Bad: False]
                        Source: 172.21.23.62 (172.21.23.62)
                        Destination: 200.0.156.42 (200.0.156.42)
                    Transmission Control Protocol, Src Port: unicontrol (2499), Dst Port: http (80), Seq: 1, Ack: 1, Len: 294
                        Source port: unicontrol (2499)
                        Destination port: http (80)
                        [Stream index: 12]
                        Sequence number: 1    (relative sequence number)
                        [Next sequence number: 295    (relative sequence number)]
                        Acknowledgement number: 1    (relative ack number)
                        Header length: 20 bytes
                        Flags: 0x18 (PSH, ACK)
                            000. .... .... = Reserved: Not set
                            ...0 .... .... = Nonce: Not set
                            .... 0... .... = Congestion Window Reduced (CWR): Not set
                            .... .0.. .... = ECN-Echo: Not set
                            .... ..0. .... = Urgent: Not set
                            .... ...1 .... = Acknowledgement: Set
                            .... .... 1... = Push: Set
                            .... .... .0.. = Reset: Not set
                            .... .... ..0. = Syn: Not set
                            .... .... ...0 = Fin: Not set
                        Window size value: 65535
                        [Calculated window size: 65535]
                        [Window size scaling factor: -2 (no window scaling used)]
                        Checksum: 0x99ab [validation disabled]
                            [Good Checksum: False]
                            [Bad Checksum: False]
                        [SEQ/ACK analysis]
                            [Bytes in flight: 294]
                    Hypertext Transfer Protocol
                        POST /cgi-bin/autentia3-tran.fcgi HTTP/1.1\n
                            [Expert Info (Chat/Sequence): POST /cgi-bin/autentia3-tran.fcgi HTTP/1.1\n]
                                [Message: POST /cgi-bin/autentia3-tran.fcgi HTTP/1.1\n]
                                [Severity level: Chat]
                                [Group: Sequence]
                            Request Method: POST
                            Request URI: /cgi-bin/autentia3-tran.fcgi
                            Request Version: HTTP/1.1
                        Host: localhost\r\n
                        Content-Type: text/plain; charset=utf-8\r\n
                        Date: Fri Sep 30 03:18:16 2011\r\n
                        CONTENT-LENGTH:       132\r\n
                            [Content length: 132]
                        \r\n
                        [Full request URI: http://localhost/cgi-bin/autentia3-tran.fcgi]
                    Line-based text data: text/plain
                        *\235=IØ\206H¯=`dg&:Ö\016䢸)õ\032RU\037·}<S·Î¶\201AJ3Ã\037}\231ÔJã\025º\227Ì}Ç ÍD{\217zP¶y½ßrùÊ=`N\025whe\006Ýï\021O,ða\020ÂÞ07Y\032\233Ewq\034?\224ãK\201\216 \217ÚÅÀÑÍzIY}\210\225ò×+C\026(\203ÆW=@Ó\221Á©ð\022_\036\205\005)\212õF

                    I defined 127.0.0.1 in the bypass request and it works fine.

                    Thanks
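The capture in the last reply shows the request going to 200.0.156.42 while its Host header says localhost, and the dissector's Full request URI is http://localhost/... . As an added example, not code from this thread or from the Web Gateway product, the Python model below compares a bypass keyed on the URL's destination IP with one keyed on the TCP destination; RAW_REQUEST, the RESOLVE name table and the imed.example name are constructed, and the premise that the proxy builds the URL from the Host header in transparent mode is an assumption consistent with that Full request URI line.

```python
import ipaddress

# Constructed request modelled on the capture above: TCP goes to 200.0.156.42:80, Host says localhost.
RAW_REQUEST = (
    b"POST /cgi-bin/autentia3-tran.fcgi HTTP/1.1\r\n"
    b"Host: localhost\r\n"
    b"Content-Type: text/plain; charset=utf-8\r\n"
    b"CONTENT-LENGTH:       7\r\n\r\npayload"
)
# Hypothetical name table standing in for DNS so the example runs offline.
RESOLVE = {"localhost": "127.0.0.1", "imed.example": "200.0.156.42"}
# Bypass list built from the destination IPs enumerated in the original post.
BYPASS = {ipaddress.ip_address(a) for a in (
    "200.0.156.42", "200.0.156.45", "200.0.156.52", "200.0.156.55",
    "200.0.156.75", "190.54.28.211", "200.0.156.141")}

def host_header(raw):
    """Host header value with a trailing :port stripped, or "" if the header is absent."""
    head = raw.split(b"\r\n\r\n", 1)[0].decode("latin-1")
    for line in head.split("\r\n")[1:]:          # skip the request line
        name, _, value = line.partition(":")
        if name.strip().lower() == "host":
            return value.strip().rsplit(":", 1)[0]
    return ""

def url_destination_ip(host):
    """IP the URL host denotes: an IP literal as-is, a name via RESOLVE, else None."""
    try:
        return ipaddress.ip_address(host)
    except ValueError:
        addr = RESOLVE.get(host.lower())
        return ipaddress.ip_address(addr) if addr else None

def evaluate(raw, tcp_dst, bypass=BYPASS):
    """Compare a bypass keyed on the URL's destination IP with one keyed on the TCP
    destination. Assumption (consistent with the capture's "[Full request URI:
    http://localhost/...]" line): in transparent mode the URL is built from the Host
    header, so URL.Destination.IP is the resolved Host name, not the packet's target."""
    url_ip = url_destination_ip(host_header(raw))
    tcp_ip = ipaddress.ip_address(tcp_dst)
    return {
        "host": host_header(raw),
        "url_destination_ip": str(url_ip) if url_ip is not None else None,
        "tcp_destination_ip": str(tcp_ip),
        "bypass_by_url_ip": url_ip in bypass,  # what the rule in the thread keyed on
        "bypass_by_tcp_ip": tcp_ip in bypass,  # where the packet actually went
        "host_mismatch": url_ip != tcp_ip,     # Host header disagrees with destination
    }
```

Keying the bypass on 127.0.0.1 makes it match any request carrying Host: localhost whatever address it is really bound for, so logging host_mismatch, or combining the exception with the real destination or Client.IP, keeps it as narrow as the seven-address requirement list.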