7 Replies Latest reply on May 14, 2012 3:03 PM by wcliffor

    Anyone know what a Proxy loop is?

    wcliffor

      I'm seeing this within my showaudit -kH a.b.c.d output.

      reason: Proxy loop detected in burb 123345566

      Thanks,

      Bc

        • 1. Re: Anyone know what a Proxy loop is?
          sliedl

          Paste the whole audit message.

          • 2. Re: Anyone know what a Proxy loop is?
            wcliffor

            Thanks for looking, I appreciate it.

            a.b.c.80 -> a.b.c.80 via snmp

            May 14 16:15:28 2012 GMT  f_snmp_proxy a_proxy t_aclallow p_major
            pid: 82097 ruid: 0 euid: 0 pgid: 82097 logid: 0 cmd: 'snmpp'
            domain: SNMx edomain: SNMx hostname: xxxxxxx.com
            event: ACL allow srcip: a.b.c.80 srcport: 1030 srcburb: internal
            dstip: x.y.z.37 dstport: 161 dstburb: internal protocol: 17
            service_name: snmp filter user_name: (null) auth_method: (null)
            rule_name: POLLER to SW-A - SNMP cache_hit: 0
            reason: Traffic allowed by policy.

            May 14 16:15:28 2012 GMT  f_snmp_proxy a_proxy t_error p_major
            pid: 82097 ruid: 0 euid: 0 pgid: 82097 logid: 0 cmd: 'snmpp'
            domain: SNMx edomain: SNMx hostname: xxxxxxx.com
            event: proxy loop host netsessid: 0 srcip: a.b.c.80 srcport: 1030
            srcburb: internal dst_local_port: 1030 protocol: 17 dstip: x.y.z.37
            dstport: 161 dstburb: internal attackip: a.b.c.80 attackburb: internal
            rule_name: <none>
            reason: Proxy loop detected in burb 134667255.  The session was terminated.

            • 3. Re: Anyone know what a Proxy loop is?
              sliedl

              What version are you on?

              This is not good:

              rule_name: <none>
              reason: Proxy loop detected in burb 134667255

              You can't name burbs starting with a number (unless you typed that number there).

              The first audit says the source/dest burbs are the same for the 'SNMP proxy', which sounds incorrect to me.  This sounds like maybe the proxy is grabbing traffic meant for the SNMP server/agent.  That might cause a proxy loop.  You cannot have the SNMP proxy and server listening on the same burb/zone at the same time.

              • 4. Re: Anyone know what a Proxy loop is?
                wcliffor

                7.01.02

                • 5. Re: Anyone know what a Proxy loop is?
                  wcliffor

                  !reason: Proxy loop detected in burb 134667255

                  !You can't name burbs starting with a number (unless you typed that number there).

                  I'm not sure why the showaudit output creates that numerical value for the burb names. It's actually been named "internal".

                  !The first audit says the source/dest burbs are the same for the 'SNMP proxy', which sounds incorrect to me.

                  We're trying to poll the internal side of the SWFW, the source of the traffic is routed to the "internal" burb trying to poll this "internal" SWFW interface.

                  Thanks for looking at this with me,

                  Bc

                  • 6. Re: Anyone know what a Proxy loop is?
                    sliedl

                    You have the SNMP proxy listening on the internal burb.  Find that rule and disable it.  Then make sure you have the SNMP agent listening in a rule with source/dest burbs of internal.

                    • 7. Re: Anyone know what a Proxy loop is?
                      wcliffor

                      Update:

                      The loop issue appears to be resolved, just unable to construct a rule that permits this traffic.

                       

                      Seems that a host to host rule should be easy enough, but not having any success right now. I've created proxy rules, then tried a filter to no joy.
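
Added example, not part of the original thread or of the firewall's own tooling: a Python sketch that parses showaudit records shaped like the two quoted in reply 2, pairs each "proxy loop" error with the ACL allow for the same flow, and marks whether that rule's source and destination burb are the same (the condition replies 3 and 6 point to). The sample text is constructed from the records in the thread; the key/value layout assumed by the parser is inferred from those two records only.

```python
import re

# Constructed sample: the two records from reply 2, one blank line between records.
SAMPLE = """\
May 14 16:15:28 2012 GMT  f_snmp_proxy a_proxy t_aclallow p_major
pid: 82097 ruid: 0 euid: 0 pgid: 82097 logid: 0 cmd: 'snmpp'
domain: SNMx edomain: SNMx hostname: xxxxxxx.com
event: ACL allow srcip: a.b.c.80 srcport: 1030 srcburb: internal
dstip: x.y.z.37 dstport: 161 dstburb: internal protocol: 17
service_name: snmp filter user_name: (null) auth_method: (null)
rule_name: POLLER to SW-A - SNMP cache_hit: 0
reason: Traffic allowed by policy.

May 14 16:15:28 2012 GMT  f_snmp_proxy a_proxy t_error p_major
pid: 82097 ruid: 0 euid: 0 pgid: 82097 logid: 0 cmd: 'snmpp'
domain: SNMx edomain: SNMx hostname: xxxxxxx.com
event: proxy loop host netsessid: 0 srcip: a.b.c.80 srcport: 1030
srcburb: internal dst_local_port: 1030 protocol: 17 dstip: x.y.z.37
dstport: 161 dstburb: internal attackip: a.b.c.80 attackburb: internal
rule_name: <none>
reason: Proxy loop detected in burb 134667255.  The session was terminated.
"""

KEY = re.compile(r"(?<!\S)([a-z_]+): ")  # assumption: keys are lowercase_words + ": "
FLOW = ("srcip", "srcport", "dstip", "dstport", "protocol")

def parse_records(text):
    """Split audit text on blank lines; return one dict of fields per record."""
    records = []
    for block in re.split(r"\n\s*\n", text.strip()):
        header, _, body = block.partition("\n")
        body = " ".join(body.split())  # values may wrap lines or contain spaces
        hits = list(KEY.finditer(body))
        rec = {"type": next((t for t in header.split() if t.startswith("t_")), "")}
        for m, nxt in zip(hits, hits[1:] + [None]):
            rec[m.group(1)] = body[m.end():nxt.start() if nxt else len(body)].strip()
        records.append(rec)
    return records

def find_proxy_loops(records):
    """Pair each 'proxy loop' error with the ACL allow for the same flow."""
    allows = {tuple(r.get(k) for k in FLOW): r for r in records if r["type"] == "t_aclallow"}
    findings = []
    for r in records:
        if r["type"] == "t_error" and r.get("event", "").startswith("proxy loop"):
            rule = allows.get(tuple(r.get(k) for k in FLOW), {})
            findings.append({"rule_name": rule.get("rule_name"), "srcip": r.get("srcip"), "dstip": r.get("dstip"),
                             "same_burb": bool(rule) and rule.get("srcburb") == rule.get("dstburb")})
    return findings
```

A finding with `same_burb` set to true names the rule to review, which for the sample is the proxy rule whose source and destination burb are both internal.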