ProxySG & Advanced Secure Gateway

  • 1.  Policy trace query..

    Posted Feb 12, 2019 03:09 AM

    Can you please confirm the exact difference between the server response and the client response, and why only the client response shows the 200 code?

    We are not doing SSL interceptions. 

     

    CONNECT tcp://symc.webex.com:443/
      DNS lookup was unrestricted
    User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/68.0.3440.106 Safari/537.36
    user: name="AS1\Umesh Manyar" realm=AS1
    authentication status='none' authorization status='none'
      url.category: none@Policy;none@Local;Online Meetings@Blue Coat
        total categorization time: 0
        static categorization time: 0
    server.response.code: 0
    client.response.code: 200

    application.name: unavailable
    application.operation: unavailable
    application.group: unavailable
    DSCP client outbound: 65
    DSCP server outbound: 65



  • 2.  RE: Policy trace query..

    Broadcom Employee
    Posted Feb 12, 2019 05:47 AM

    Hi Umesh,

     

        For un-intercepted SSL connections, we can’t really see what the server response code is, as the proxy is not part of the HTTP transaction happening within the SSL tunnel. The code 200 OK is to accept the CONNECT request, which the proxy is sending back, hence it is marked. If this is for an SSL-intercepted connection, you will get a trace line for the actual https://...... url request and the correct response codes within

     



  • 3.  RE: Policy trace query..

    Posted Feb 12, 2019 06:02 AM

    As per my understanding, the proxy is also making a separate connection with the web server on behalf of the client PC by parking the user request, right?

    Can you also explain the following?

     

    CONNECT tcp://fornitori.esselunga.it:443/
        DNS lookup was unrestricted
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/72.0.3626.96 Safari/537.36
      user: name="AS1\Umesh Manyar" realm=ESC_IWA_Direct
      authentication status='none' authorization status='none'
        EXCEPTION(tcp_error): Request could not be handled
        url.category: Business/Economy@Blue Coat;Restaurants/Dining/Food@Blue Coat
          total categorization time: 0
          static categorization time: 0
      server.response.code: 0
      client.response.code: 503
      application.name: none
      application.operation: none
      DSCP client outbound: 65
      DSCP server outbound: 65
    


  • 4.  RE: Policy trace query..

    Broadcom Employee
    Posted Feb 12, 2019 06:11 AM

    Hi Umesh,

     

        To understand this, there are 3 connections or sessions to be aware of.

    1. TCP Session
    2. SSL Session
    3. HTTP Session

    The first one, the TCP session, will be separate between Client-Proxy and Proxy-Server in all cases. The second one, the SSL session, will depend on whether the connection is SSL-intercepted by the proxy or not. If not intercepted, the same SSL session will be happening between client and server. The proxy will just be passing packets (provided the connection is allowed). The third, the HTTP session, will also be visible to the proxy on SSL-intercepted connections. So when you say the proxy is making a separate connection, it will be just a TCP session in the case of a non-intercepted SSL connection.

    The trace you shared is different, where the TCP session between Proxy-Server didn’t happen. Thus the client is given back an error response of 503.
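
The reading given in the replies above, applied to CONNECT entries of a policy trace, as an added example that is not part of the thread and not vendor tooling. The sample trace is constructed with placeholder hostnames, the function names and labels are hypothetical, and the parser assumes the trace contains only CONNECT transactions laid out like the ones quoted in this thread.

```python
import re

# Constructed sample in the layout of the traces quoted in this thread
# (hostnames are placeholders, not values from the thread).
SAMPLE_TRACE = """\
CONNECT tcp://meet.example.test:443/
  DNS lookup was unrestricted
  url.category: Online Meetings@Blue Coat
server.response.code: 0
client.response.code: 200

CONNECT tcp://portal.example.test:443/
    EXCEPTION(tcp_error): Request could not be handled
  server.response.code: 0
  client.response.code: 503
"""

START = re.compile(r"^\s*CONNECT\s+(\S+)")
FIELD = re.compile(r"^\s*(server|client)\.response\.code:\s*(\d+)\s*$")
EXC = re.compile(r"^\s*EXCEPTION\((\w+)\)")

def parse_connects(text):
    """Split a trace into one dict per CONNECT transaction."""
    entries = []
    for line in text.splitlines():
        m = START.match(line)
        if m:
            entries.append({"target": m.group(1), "exception": None})
        elif entries and (m := FIELD.match(line)):
            entries[-1][m.group(1)] = int(m.group(2))   # "server" / "client"
        elif entries and (m := EXC.match(line)):
            entries[-1]["exception"] = m.group(1)
    return entries

def classify(entry):
    """Label a CONNECT entry using the explanation given in the replies."""
    server, client = entry.get("server"), entry.get("client")
    if entry["exception"] == "tcp_error" and client == 503:
        # Proxy-to-server TCP session was never established.
        return "upstream-tcp-failed"
    if client == 200 and server == 0:
        # 200 only acknowledges CONNECT; the HTTP status inside the
        # un-intercepted SSL tunnel is not visible to the proxy.
        return "tunnel-not-intercepted"
    return "unclassified"

def summarize(text):
    return [(e["target"], classify(e)) for e in parse_connects(text)]
```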