5 Replies Latest reply on Jul 15, 2015 8:07 AM by clath13

    ePO bypassing the proxy?

    clath13

      So...I've installed an ePO 5.3.0 server in my environment and am trying to get the directory services connector working with my saas portal.  I've installed Wireshark and when I try to go to portal.saascontrol.com from within ePO as I'm trying to add the DSC server it doesn't go via my proxy but tries to go straight out and I get "Unable to connect to portal.saascontrol.com".  I've modified the proxy settings within ePO to be by host name and then by IP and in neither case will ePO go to the proxy.  If I open a new tab and browse to Google.com I go to the proxy.  Is there some setting I'm missing somewhere?

      Thanks,

      Claire

        • 1. Re: ePO bypassing the proxy?
          clath13

          Here's some additional info.  It seems that my ePO server is able to route to the proxy - it's just the Directory Services Connector that can't.  If I update the product list I can watch the ePO server go out through the proxy.  I'm wondering if there is a catalina xml file somewhere I can edit to include the proxy settings for the DSC server.

          • 2. Re: ePO bypassing the proxy?
            clath13

            Even more info that makes me just a bit cranky (actually makes me a lot cranky):

             

            Found this on the support.mcafeesaas.com site. I have no idea what the date of it is. I do know if it's true I'm pretty disgusted.
            _____________
            Question:
            Will the Directory Services Connector Work With an Internet Proxy?
            Answer:

            Info

            At this time, the Directory Services Connector (DSC) is not designed to function over a proxy. It will communicate to saascontrol.com over HTTPS on port 443. While support for proxies may be added in the future, there is no set timeframe for this addition.

            Should you have additional questions, please contact us at 877/695-6442 or log a service request for additional assistance.

            • 3. Re: ePO bypassing the proxy?
              Troja

              Hi,

              I have noticed such behavior with other products so far. Not every ePO component uses the proxy settings made in the ePO Server Settings.

              First of all, I would check whether the DSC connector uses HTTP inside the SSL traffic. In many cases we saw different products using SSL over port 443, but this is not HTTP. Therefore a proxy server cannot proxy such traffic. :-(

              On the other hand, I do not know if McAfee (Intel) will make so many changes to the SaaS connections, because ePO Cloud will be available.

              I know this does not solve your problem, but at the moment it looks like there is no solution even you are implementing a transparent proxy solution. We use this as an option at customers where applications are not able to use a proxy.

               

              Cheers

              • 4. Re: ePO bypassing the proxy?
                clath13

                Alright so I have resigned myself to the fact that I will have to bypass the McAfee Web Gateways with the McAfee Directory Services Connector. I've asked my firewall guy to poke a hole to portal.saascontrol.com which I have determined to be 208.65.147.160 through Wireshark packet captures of my failed attempts, nslookup, and centralops.net. He pokes the hole to 208.65.147.160 and the DSC instantly attempts to go to 208.65.147.164 - really? Does anyone know all the IPs for portal.saascontrol.com (which is actually mxl147vXXX.mxlogic.net, where XXX=the last octet)? I've gone all the way down to 208.65.145.1 and up to 208.65.150.255 so far - any idea if this is really the range? So I put on my best CIDR hat and can get from 208.65.144.0 thru 208.65.151.255 as 208.65.145.1/21 - but that's not really it. What is everyone else using? If I continue to one-off my network guy he's going to quit speaking to me.

                Thanks for the help,

                Claire
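The CIDR arithmetic from reply 4, worked through as an added example (not part of the original thread and not McAfee tooling). The addresses are the ones quoted in the post; the function names are hypothetical, and the result says nothing about the vendor's actual published range.

```python
import ipaddress

# Addresses taken from the thread: the two the DSC was seen contacting and
# the ends of the range the poster probed by hand.
SEEN = ["208.65.147.160", "208.65.147.164"]
PROBED = ("208.65.145.1", "208.65.150.255")


def covering_network(addresses):
    """Smallest single CIDR block containing every address given."""
    ips = [ipaddress.ip_address(a) for a in addresses]
    low, high = min(ips), max(ips)
    # Bits above the highest differing bit form the shared prefix.
    prefix = low.max_prefixlen - (int(low) ^ int(high)).bit_length()
    return ipaddress.ip_network(f"{low}/{prefix}", strict=False)


def exact_blocks(first, last):
    """Minimal list of CIDR blocks covering first..last and nothing else."""
    return list(ipaddress.summarize_address_range(
        ipaddress.ip_address(first), ipaddress.ip_address(last)))


def canonical(cidr):
    """Return (network, had_host_bits) for a CIDR written with any address."""
    net = ipaddress.ip_network(cidr, strict=False)
    return net, str(net.network_address) != cidr.split("/")[0]


def over_allowed(first, last):
    """Addresses a single covering block opens beyond the first..last range."""
    wide = covering_network([first, last])
    return wide.num_addresses - sum(b.num_addresses for b in exact_blocks(first, last))


if __name__ == "__main__":
    print("seen hosts fit in:", covering_network(SEEN))
    print("probed range fits in:", covering_network(PROBED))
    print("canonical form of 208.65.145.1/21:", canonical("208.65.145.1/21")[0])
    blocks = exact_blocks(*PROBED)
    print(len(blocks), "exact blocks:", ", ".join(map(str, blocks)))
    print("extra addresses opened by the single block:", over_allowed(*PROBED))
```

The single covering block is convenient for a firewall rule but opens more addresses than were probed; the exact block list is the tighter allowlist for the same range.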

                • 5. Re: ePO bypassing the proxy?
                  clath13

                  I submitted a ticket and got a tiny url that has all the IPs and hosts for just about everything:  http://mcaf.ee/hyvxk