Solutions

Users are bypassing ProxySG policy

Solutions ID:    KB3502
Version:    2.0
Status:    Published
Published date:    10/19/2009
Updated:    10/26/2009
 

Problem Description

Users are bypassing ProxySG policy
All users have full access to the Internet
None of the users were showing up in the access logs
When debugging, the proxy administrator was unable to obtain a policy trace
Traffic was being redirected via WCCP to the proxy.  Problem can also occur if the proxy is inline

Resolution

The main problem here is the ProxySG is not intercepting traffic.  There are several places to check to make sure the ProxySG is intercepting.

1.)  In the Management Console ( https://<ip.address.of.proxysg>:8082/ ) go to the Configuration tab > Services > Proxy Services > Restricted Intercept List tab.  Make sure the proxy is configured to "Use Proxy Service rules for interception".

2.)  Click on the Static Bypass List tab (to the left of the Restricted Intercept List tab).  Make sure few, if any rules exist here.  If you have an <All>/<All> rule, meaning any client IP address or subnet can access any server IP address or subnet, delete it and click on the Apply button to save your changes.  If you do have rules in here, make sure the rules are not overly generous.  Make sure you understand the source and destination IP addresses or subnets and that you are OK with the bypass.

3.)  Click on the Proxy Services tab (to the left of the Static Bypass List tab).  If you are running SGOS 5.4 (or any other version that uses service groups), look at the "Standard" service group and make sure that port 80 is set to "Intercept".  If you are configured using WCCP, make sure that any ports that are being redirected via WCCP are also set to "Intercept".  If the ports do not fall under the "Standard" service group, then you may need to look for the ports under the other service groups.  Once you make your changes, click on the "Apply" button to save your changes.

 


Rate this Page

Please take a moment to complete this form to help us better serve you.

Did this document help answer your question?
 
 
If you are finished providing feedback, please click the RATE CONTENT button. Otherwise, please add more detail in the following text box and then click RATE CONTENT.
 
 

Your response will be used to improve our document content.

Ask a Question