ProxySG & Advanced Secure Gateway

 View Only
  • 1.  AutoCad Login block

    Posted Oct 27, 2020 09:56 AM

    Hi Guys,

    Our engineering department used Autocad application, when application open it required to login to Autodesk servers but our ProxySG is blocking it. Here what Autoodesk to unblock: but still not working.

    *.autodesk.com

    www.autodesk.com
    access.clic.autodesk.com
    clm.clic.autodesk.com
    accounts.autodesk.com
    api.autodesk.com
    cur.autodesk.com

    Note: Need to have Content-Type: multipart/form-data enabled for cur.autodesk.com, otherwise payload sending would fail)

    registeronce.autodesk.com
    cdn.accounts.autodesk.com
    developer.api.autodesk.com



  • 2.  RE: AutoCad Login block

    Broadcom Employee
    Posted Oct 27, 2020 11:00 AM
    Hello Rolando, 

    You may want to disable Decryption for those destinations as well while you are at it, in case the App or the server does the Cert pinning, and Disable Authentication as a test , again only for those destinations or only for the source user IP.

    When you say "but our ProxySG is blocking it." does this mean that you get a block/deny page from the proxy or do you have any evidence indicating that this is a block and for example not a TCP issue?
    Did you have a chance to take a policy trace on the proxy, with the source client IP while the issue being reproduce, and look for the client.response codes , 403, 502, 503, 500 or even 0 and see if you hit a Deny rule and for what request in particular, as you may discover there is one more destination that may needs to be allowed.

    If the policy trace does not indicate any exceptions or deny/denies or errors for the request , then perhaps the issue on the TCP level meaning perhaps a TCP or SSL Handshake failure. This is where a pcaket capture taken on the proxy filtering for the client ip and all of the above destinations will show you the client to proxy connection and proxy to server connection. Analyzed by a pcap expert from your side will be easy to spot what is causing the issue.

    I hope this helps.
    Slava



  • 3.  RE: AutoCad Login block

    Broadcom Employee
    Posted Oct 27, 2020 11:05 AM
    Hello Rolando, 

    On another note, a quick internet search for ProxySG and Autocad issue revealed this link from Autocad them self , and it looks like they are asking their clients to bypass the Autocad destination from the proxy , meaning not sending that traffic trough a proxy at all. I would encourage any one to follow the vendors recommendation.
    Related information: https://knowledge.autodesk.com/support/autocad/troubleshooting/caas/sfdcarticles/sfdcarticles/AutoCAD-requests-to-Autodesk-servers-blocked-by-proxy-servers.html

    I hope this helps.
    Slava