topic When decrypt for in Web Security

HTTPs sites randomly not working on WSA 170

sarabsin — Wed, 20 Apr 2016 17:44:50 GMT

HTTPs sites randomly not working on WSA 170 seeing following in access logs when it happens. what does DENY_ADMIN_2 mean here?

What could be possible cause? the other times it works fine. 3 out 10 times it gives this error message.

1461173910.696 104 10.36.198.77 TCP_DENIED/403 0 TCP_CONNECT 142.103.59.207:443 - DIRECT/ubc.ca - DENY_ADMIN_2-NONE-HAC_AD-NONE-NONE-NONE-DefaultGroup <IW_edu,1.5,-,"-",-,-,-,-,"-",-,-,-,"-",-,-,"-","-",-,-,IW_edu,-,"-","-","Unknown","Unknown","-","-",0.00,0,-,"-","-",-,"-",-,-,"-","-"> -
1461173911.010 154 10.36.198.77 TCP_DENIED/403 0 TCP_CONNECT 142.103.59.207:443 - DIRECT/ubc.ca - DENY_ADMIN_2-NONE-HAC_AD-NONE-NONE-NONE-DefaultGroup <IW_edu,1.5,-,"-",-,-,-,-,"-",-,-,-,"-",-,-,"-","-",-,-,IW_edu,-,"-","-","Unknown","Unknown","-","-",0.00,0,-,"-","-",-,"-",-,-,"-","-"> -
1461173911.115 103 10.36.198.77 TCP_DENIED/403 0 TCP_CONNECT 142.103.59.207:443 - DIRECT/ubc.ca - DENY_ADMIN_2-NONE-HAC_AD-NONE-NONE-NONE-DefaultGroup <IW_edu,1.5,-,"-",-,-,-,-,"-",-,-,-,"-",-,-,"-","-",-,-,IW_edu,-,"-","-","Unknown","Unknown","-","-",0.00,0,-,"-","-",-,"-",-,-,"-","-"> -
1461173911.452 334 10.36.198.77 TCP_DENIED/403 0 TCP_CONNECT 142.103.59.207:443 - DIRECT/142.103.59.207 - DENY_ADMIN_2-NONE-HAC_AD-NONE-NONE-NONE-DefaultGroup <IW_edu,1.5,-,"-",-,-,-,-,"-",-,-,-,"-",-,-,"-","-",-,-,IW_edu,-,"-","-","Unknown","Unknown","-","-",0.00,0,-,"-","-",-,"-",-,-,"-"

chrome displays following message when it happens:

This site can’t be reached

ubc.ca unexpectedly closed the connection.

ERR_CONNECTION_CLOSED

It looks you are running WSA

Tao Yang — Wed, 20 Apr 2016 23:30:38 GMT

It looks you are running WSA in transparent mode with WCCP enabled and in the meantime, "

Decrypt for Authentication:" option in HTTPs Proxy is also enabled for proxy authentication.

Hi Tao. What does this mean?

Andre Neethling — Fri, 22 Apr 2016 08:13:34 GMT

Hi Tao. What does this mean? Should you not run these two things together? I have this issue as well.

When decrypt for

Handy Putra — Sat, 23 Apr 2016 04:40:27 GMT

When decrypt for authentication and WCCP is used together, this should be ok. However please note there is limitation in the proxy for 3 conditions below:

1. WCCP/transparent mode

2. HTTPS traffic

3. Authentication

And depends on the authentication surrogate used there is certain limitation on this (consult the user guide)

Would recommend to open a TAC case for the engineer to dig deep on to this based on the network environment and also possible defect (such as if you are using CDA or AD agent as your authentication).

The DENY_ADMIN_2 might

Handy Putra — Sat, 23 Apr 2016 04:42:48 GMT

The DENY_ADMIN_2 might indicating there is combination issues between https traffic with WCCP/transparent mode and authentication surrogate used (for example IP address surrogate).

Would recommend open TAC case to investigate in details and to explore possible defect as well (such as if you are using TUI as authentication using CDA or AD agent)