Web Isolation

 View Only

Web isolation in transparent enviroment with ProxySG (WCCP)

  • 1.  Web isolation in transparent enviroment with ProxySG (WCCP)

    Posted Dec 21, 2017 10:27 AM

    Hello,

    have You managed to make Fireglass work in transparent deployment where all traffic is redirected to ProxySG through WCCP on ports 80 and 443, including traffic destined to FIREGLASS host?
    So basically, on ProxySG I have forwarding host to FIREGLASS as PROXY type on HTTP service for two ports 80 and 443 (both HTTP type as per instructions).

    All SSL is intercepted as I don't want to import FIREGLASS cert to endpoints.
    Fireglass CA is imported in CA store on ProxySG and browser trusted store on ProxySG

    In policy I have two rules:

    1. traffic destined to FIREGLASS forwarded to forwarding host TIE on port 443 (fireglass)
    2. traffic destined to youtube.com forwared to forwarding host 8080 on port 8080 (fireglass)

    So basicaly, all the traffic gets picked up by WCCP and ProxySG, converted to PROXY type and forwarded to FIREGLASS.
    I have tested numerous iterations of policy, but have not managed to make it work in transparent deployment.

    NOTE: In explicit deployment everything works great.

    Did I miss anything for transparent deployment with ProxySG?

    Thanks.

    Vedran Vujasinovic