0 Replies Latest reply on Aug 26, 2014 5:24 PM by blakegonterman

    SOCKS Proxy Ruleset and Logging

    blakegonterman

      Hello All,

       

      I've used the articles and threads on the communities site to learn quite a bit, but SOCKS information is pretty sparse. My hope is that my question will help someone in the future facing the same issues. We have SOCKS set up for several services already, but we're looking to change over to the GUI setup for ease of management.

       

      First off, I've added the Common Rules/SOCKS Proxy from the Rule Set Library in 7.4.2.x.x. In there I've added a new rule under "SOCKS Proxy > Protocol Detection > below Block Protocols that are not in protocol whitelist". Is this the proper place for new rules?

       

      For the rule I created, my trace looks as such:

      SOCKS:     (remove X-Forwarded-For)

      SOCKS://DestinationIP:port   (hits my stop cycle rule)

      SOCKS://DestinationIP:port   (SOCKS Proxy > Protocol Detection > Enable Filtering)

      SOCKS://DestinationIP:port   (Remove Headers > remove X-Forwarded-For)

      Does this look normal?

       

      Lastly, my knowledge of the logging facilities leaves a bit to be desired. How would I set up the logging to show something along these lines?

      Aug 26 19:16:29 (1409080589.821634) sockd[<PID>]: info: block(3): tcp/accept ]: <Src_IP.Port> <Dst_IP.Port>