Secure One Services Group

Expand all | Collapse all

ProxySG | Cannot access only https website

Jump to Best Answer
  • 1.  ProxySG | Cannot access only https website

    Posted 02-26-2018 10:10 AM
      |   view attached

    Dear All

       I have issue about cannot access https website. Client connect to Forward Proxy type Explicit.

    http can access normal but https cannot access when i have to checked access logging and Trace policy maybe this issue concern about Authentication mode

    Customer use Radius authen and select mode is origin-cookies redirect.

      since implement never have problem about access https just today start to cannot access https i try to chage authen mode to Proxy IP it back to normal can access https website

    but cannot use this mode they have virtual url to redirect. they have many branch and configuration other branch it same i have check already.

    only this site cannot access https website. please recommend how can i resolve this issue

    i upload access logging , policy trace and sysinfo please see from attach files.

     

    Best Regards,

    Chakuttha R.

    Attachment(s)

    zip
    secure_one.zip   140 KB 1 version


  • 2.  RE: ProxySG | Cannot access only https website
    Best Answer

    Broadcom Employee
    Posted 02-26-2018 10:05 PM

    Hi Chakuttha,

     

                    They are trying to use redirect based authentication on explicit proxy which will not work for the CONNECT requests as it won't take redirect as a response. Once the SSL Interception is through, they a redirect based auth will work. The error in policy trace is clear on this

     

      EXCEPTION(configuration_error): Authentication failed because of a configuration problem
      Last Error: Cannot use origin-redirect or form-redirect for CONNECT method (explicit proxy of https URL)

     

    Ref: https://support.symantec.com/en_US/article.TECH242876.html

     

                If they are in need of such redirect based auth, they will have to make sure that the first request is HTTP and use a surrogate based auth mode like "Origin-IP-Redirect" to get it authenticated once during the surrogate refresh time.



  • 3.  RE: ProxySG | Cannot access only https website

    Broadcom Employee
    Posted 02-28-2018 12:55 AM

    Hi Chakuttha,

     

                     The issue only happens when the first request is HTTPS Connect and proxy can't redirect it for authentication. Taking policy trace could give away the reason on why it is not happening on other branchs.



  • 4.  RE: ProxySG | Cannot access only https website

    Posted 02-27-2018 10:37 PM

    Dear Aravind,

     Thank you so much on this KB.

    but i don't understand other branch don't find this issue normal to acceess https website .   This issue happen only this site.

    configuration this site and other site it same. change only IP address.

    Can you recommend more information  to check it ?