Brand new WSA demo refusing to proxy web traffic

Tod Larson
Level 3

I've deployed an S000V Web Security Virtual Appliance with a demo license and all default configurations using the quick start guide.

It only has the M1 interface 192.168.1.100.

I configured my PC LAN proxy settings for 192.168.1.100:3128 and again for port 80.

When I configure the PC LAN proxy then my access to the internet breaks.  Chrome says ERR_PROXY_CONNECTION_FAILED, Firefox says the proxy refused the connection.

 

Where can I start to make this work as an explicit web proxy?

 

thank you,

 

 

 

 

Accepted Solution

Hi Tod,

Your tests are accurate and do indicate that WSA is able to connect outbound to the Internet.

The "ERR_PROXY_CONNECTION_FAILED" error seen on the browser likely indicates that the WSA is not listening for traffic on port 3128 or port 80.


Could you run the command - netstat - from WSA CLI?

  • It should help us in checking if WSA is listening on port 3128 and/or port 80

 

1) If netstat shows that WSA is not listening on port 3128 or port 80 then:

  • Browse to GUI > Network > Interfaces > Ensure that "Separate Routing for Management Services:" is not checked
  • Browse to GUI > Security Services > Web Proxy > Click "Edit Settings" > Check if you get any Acknowledgment page and that ports 3128 & 80 are listed
  • If both of the above steps look good, then tail the proxy logs on WSA to see if there are any errors (steps below)
     

2) If netstat shows that WSA is listening on port 3128 and/or 80 then:

  • Proxy logs should help us in understanding if proxy is rejecting connections. Please "tail" the proxy logs to check if there are any errors


Steps to tail proxy logs:
-------------------------------------------

  1. Connect to the WSA CLI via SSH
  2. Use the command: tail and press 'Enter'
  3. Select the log with "Type: Default Proxy Logs"


Sid


Atazazuddin Shaikh
Cisco Employee

Tod

 

It normally happens if the client is infected by some sort of virus. You can try the following:

From the client browser:

1.  Uncheck the explicit proxy

2.  Check the "automatically detect settings"

3.  Make sure WSA can connect to the website from the CLI, by nslookup or reverse telnet etc.

Steps here:

https://www.youtube.com/watch?v=wIQHCxAzD4Y

 

Thanks

Zack

 

 

When I select "automatically detect settings" then my PC simply bypasses the WSA proxy.  I have no proxy files to be auto detected.

With "automatically detect settings" selected I don't see in my WSA that it's doing the proxying.

 

Below I show that the WSA has internet connectivity.

ironport.local> nslookup www.google.com

A=173.194.121.51 TTL=30m
A=173.194.121.52 TTL=30m
A=173.194.121.48 TTL=30m
A=173.194.121.50 TTL=30m
A=173.194.121.49 TTL=30m
ironportlocal> telnet www.google.com 80

Trying 173.194.121.51...
Connected to www.google.com.
Escape character is '^]'.
Connection closed by foreign host.
ironport.local>

Thanks for testing it, Tod. Please go ahead and create a TAC case so we can further troubleshoot and provide assistance quickly.

 

Regards,

Zack


 


We opened a TAC case.  Here is what they did to fix it.

 

Problem description: Proxy was not filtering the traffic.

 

Resolution summary:

 

WSA was not listening on ports 80/3128

ironport:service 1] netstat -an| grep LISTEN
tcp4       0      0 192.168.1.155.8443     *.*                    LISTEN
tcp4       0      0 192.168.1.155.8080     *.*                    LISTEN
tcp4       0      0 127.0.0.1.18081        *.*                    LISTEN
tcp4       0      0 192.168.1.155.21       *.*                    LISTEN
tcp4       0      0 192.168.1.155.22       *.*                    LISTEN
tcp4       0      0 127.0.0.1.53           *.*                    LISTEN
ironport:service 2]

 

It was configured to however.

 

Secondly, proxy process was constantly restarting

 

Mon Aug 31 10:01:05 2015 Info: prox: exited with return code 1
Mon Aug 31 10:01:10 2015 Info: prox: starting
Mon Aug 31 10:01:10 2015 Info: prox: started PID=97598
Mon Aug 31 10:01:10 2015 Info: prox: exited with return code 1
Mon Aug 31 10:01:15 2015 Info: prox: starting
Mon Aug 31 10:01:15 2015 Info: prox: started PID=97604
Mon Aug 31 10:01:15 2015 Info: prox: exited with return code 1
Mon Aug 31 10:01:20 2015 Info: prox: starting
Mon Aug 31 10:01:21 2015 Info: prox: started PID=97605
Mon Aug 31 10:01:21 2015 Info: prox: exited with return code 1
Mon Aug 31 10:01:26 2015 Info: prox: starting

 

Revert the AsyncOS to current version which cleared up the issue. Below are the steps to revert from CLI:

 

ironport> revert

This command will revert the appliance to a previous version of AsyncOS.

Warning: Reverting the appliance is extremely destructive.
The following data will be destroyed in the process and should be backed up:
- current system configuration file
- all log files
- all reporting data (including saved scheduled and archived reports)
- any custom end user notification pages
This command will try to preserve the current network settings.

Reverting the device will cause a reboot to take place.
After rebooting, the appliance reinitializes itself and reboots
again to the desired version, with the earlier system configuration.

Do you want to continue? [N]> y

Are you sure you want to continue? [N]> y

    Available versions
    =================
1. 8.8.0-085
Please select an AsyncOS version: 1
You have selected "8.8.0-085".
The system will now reboot to perform the revert operation.
Tunnel port is unresponsive.  Contact the customer to re-establish the tunnel.
>

 

Revert process is not recommended in production environment. Always perform revert in the off production hours and save the configuration before reverting.

 

It has been a pleasure to work with you. Thank you for choosing Cisco.
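The two checks from the resolution above, which are also the ones the accepted answer asks for (is anything listening on 3128/80, and is the proxy process restarting), can be run over saved CLI output. This is an added example, not part of the original posts or any Cisco tooling; the function names, the three-exits-in-60-seconds threshold, and the trimmed sample text are assumptions.

```python
import re
from datetime import datetime, timedelta

PROXY_PORTS = {80, 3128}  # explicit-proxy ports named in the thread
# Constructed samples, trimmed from the CLI output quoted in the post above.
NETSTAT = """\
tcp4       0      0 192.168.1.155.8443     *.*                    LISTEN
tcp4       0      0 192.168.1.155.8080     *.*                    LISTEN
tcp4       0      0 127.0.0.1.53           *.*                    LISTEN
"""
LOG = """\
Mon Aug 31 10:01:05 2015 Info: prox: exited with return code 1
Mon Aug 31 10:01:10 2015 Info: prox: started PID=97598
Mon Aug 31 10:01:10 2015 Info: prox: exited with return code 1
Mon Aug 31 10:01:15 2015 Info: prox: started PID=97604
Mon Aug 31 10:01:15 2015 Info: prox: exited with return code 1
"""

def listening_ports(netstat_text):
    """Map port -> set of local addresses for LISTEN sockets ('addr.port' form)."""
    ports = {}
    for line in netstat_text.splitlines():
        f = line.split()
        if len(f) >= 6 and f[0].startswith("tcp") and f[-1] == "LISTEN":
            addr, _, port = f[3].rpartition(".")
            if port.isdigit():
                ports.setdefault(int(port), set()).add(addr)
    return ports

def missing_proxy_ports(netstat_text, expected=PROXY_PORTS):
    """Expected proxy ports that have no listener on a non-loopback address."""
    found = listening_ports(netstat_text)
    return sorted(p for p in expected
                  if not any(a != "127.0.0.1" for a in found.get(p, ())))

EXIT_RE = re.compile(r"^(\w{3} \w{3} +\d+ [\d:]{8} \d{4}) Info: prox: exited with return code (\d+)")

def crash_loop(log_text, min_exits=3, window_s=60):
    """True if prox exited non-zero min_exits times within window_s seconds."""
    times = []
    for line in log_text.splitlines():
        m = EXIT_RE.match(line)
        if m and m.group(2) != "0":
            times.append(datetime.strptime(m.group(1), "%a %b %d %H:%M:%S %Y"))
    return any(times[i + min_exits - 1] - times[i] <= timedelta(seconds=window_s)
               for i in range(len(times) - min_exits + 1))

if __name__ == "__main__":
    print("missing:", missing_proxy_ports(NETSTAT), "crash loop:", crash_loop(LOG))
```

A listener on port 8080 does not satisfy the check for port 80, because the port is taken from the text after the last dot of the local address field rather than matched as a substring.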

Hello sid,

I am facing a similar issue. All the previous steps are good, but tailing the default proxy logs returns output similar to the following:

Fri Aug 30 10:39:46 2024 Info: PROX_CONNTRACK : - : [34462:0] Total No. of active client connections = 1, active server connections = 0

please help

thank you

amojarra
Cisco Employee

Hello @Niss.comps 

Hope you are doing fine, 

May I ask if you are getting this Error: ERR_PROXY_CONNECTION_FAILED 

if so, Kindly check the ProxyError Logs for any warning/Error/Critical 

and if you are using virtual WSA, kindly check the output of: CLI > etherconfig > media and make sure there are 5 network interface cards.

if not, you need to edit your VM and add them (it is OK that you are not using them, but they should be there)

 

Regards,

Amirhossein Mojarrad

+++++++++++++++++++++++++++++++++++++++++++++++++++

++++     If you find this answer helpful, please rate it as such    ++++

+++++++++++++++++++++++++++++++++++++++++++++++++++

Hello @amojarra,

I hope you are doing fine too, dear. Thanks!

My dashboard shows empty traffic statistics:

Nisscomps_0-1725959693116.png

I also see these alerts [but not sure if that is the cause]:

This vm image is misconfigured. The expected configuration of this virtual model is 8192 MB of RAM. It is currently configured with 6144 MB of RAM. This configuration is an untested state.
This vm image is currently misconfigured. The expected configuration for this virtual model is 3 CPU(s).It is currently configured with 2 CPU(s). This configuration is in an untested state.

Outputs from CLI
>etherconfig
Ethernet interfaces:
1. Management (Autoselect: <1000baseT full-duplex>) <mac add>
2. P1 (Autoselect: <link is down>) <mac add>
3. P2 (Autoselect: <link is down>) <mac add>
4. T1 (Autoselect: <link is down>) <mac add>
5. T2 (Autoselect: <link is down>) <mac add>

**We are using Management Interface for traffic***

>netstat
tcp4 0 0 <WSA_IPAdd>.3128 *.* LISTEN
tcp4 0 0 127.0.0.1.3128 *.* LISTEN
tcp4 0 0 <WSA_IPAdd>.80 *.* LISTEN
tcp4 0 0 127.0.0.1.80 *.* LISTEN
==============
>tail
28. "proxylogs" Type: "Default Proxy Logs" Retrieval: FTP Poll
[]28
Tue Sep 10 10:55:34 2024 Info: PROX_CONNTRACK : - : [82193:0] Total No. of active client connections = 1, active server connections = 0
Tue Sep 10 11:00:41 2024 Info: PROX_CONNTRACK : - : [82193:0] Total No. of active client connections = 1, active server connections = 0
Tue Sep 10 11:05:50 2024 Info: PROX_CONNTRACK : - : [82193:0] Total No. of active client connections = 1, active server connections = 0
Tue Sep 10 11:10:59 2024 Info: PROX_CONNTRACK : - : [82193:0] Total No. of active client connections = 1, active server connections = 0
Tue Sep 10 11:16:06 2024 Info: PROX_CONNTRACK : - : [82193:0] Total No. of active client connections = 1, active server connections = 0
Tue Sep 10 11:20:39 2024 Warning: PROX_CONNTRACK : - : [82193:0] Total ClientInfo cleaned up: 0

Tue Sep 10 11:20:39 2024 Warning: PROX_CONNTRACK : - : [82193:0] Total ServerInfo cleaned up: 0

Tue Sep 10 11:21:13 2024 Info: PROX_CONNTRACK : - : [82193:0] Total No. of active client connections = 1, active server connections = 0
Tue Sep 10 11:26:21 2024 Info: PROX_CONNTRACK : - : [82193:0] Total No. of active client connections = 1, active server connections = 0
Tue Sep 10 11:31:28 2024 Info: PROX_CONNTRACK : - : [82193:0] Total No. of active client connections = 1, active server connections = 0
Tue Sep 10 11:36:36 2024 Info: PROX_CONNTRACK : - : [82193:0] Total No. of active client connections = 1, active server connections = 0
Tue Sep 10 11:41:44 2024 Info: PROX_CONNTRACK : - : [82193:0] Total No. of active client connections = 1, active server connections = 0
Tue Sep 10 11:46:51 2024 Info: PROX_CONNTRACK : - : [82193:0] Total No. of active client connections = 1, active server connections = 0
Tue Sep 10 11:50:41 2024 Info: PROXY : - : [82193:0] FastRPCSocketWrite: writev failed: fd=117 errno=32 (Broken pipe)
Tue Sep 10 11:50:41 2024 Info: PROXY : - : [82193:0] FastRPCClientSocketWrite(BEAKER1): FastRPCSocketWrite failed: path=/tmp/beaker_fastrpc.sock fd=117
Tue Sep 10 11:50:41 2024 Info: PROXY : - : [82193:0] FastRPCReset(BEAKER1): path=/tmp/beaker_fastrpc.sock fd=117
Tue Sep 10 11:50:41 2024 Info: PROXY : - : [82193:0] FastRPCClientConnect(BEAKER1): connected: path=/tmp/beaker_fastrpc.sock fd=117
Tue Sep 10 11:51:12 2024 Info: PROXY : - : [82193:0] FastRPCSocketWrite: writev failed: fd=919 errno=32 (Broken pipe)
Tue Sep 10 11:51:12 2024 Info: PROXY : - : [82193:0] FastRPCClientSocketWrite(ASCLIENT1): FastRPCSocketWrite failed: path=/data/tmp/wbrsd_fastrpc.sock.1 fd=919
Tue Sep 10 11:51:12 2024 Info: PROXY : - : [82193:0] FastRPCReset(ASCLIENT1): path=/data/tmp/wbrsd_fastrpc.sock.1 fd=919
Tue Sep 10 11:51:12 2024 Info: PROXY : - : [82193:0] FastRPCClientConnect(ASCLIENT1): connected: path=/data/tmp/wbrsd_fastrpc.sock.1 fd=919
Tue Sep 10 11:51:59 2024 Info: PROX_CONNTRACK : - : [82193:0] Total No. of active client connections = 1, active server connections = 2
Tue Sep 10 11:57:09 2024 Info: PROX_CONNTRACK : - : [82193:0] Total No. of active client connections = 1, active server connections = 0
Tue Sep 10 12:02:17 2024 Info: PROX_CONNTRACK : - : [82193:0] Total No. of active client connections = 1, active server connections = 0
Tue Sep 10 12:07:25 2024 Info: PROX_CONNTRACK : - : [82193:0] Total No. of active client connections = 1, active server connections = 0
Waiting for data... (interrupt to abort

Thank you.

 

 

amojarra
Cisco Employee

Thank you @Niss.comps for all the details 

 

First of all, please change the CPU/RAM to the recommended configuration, since all the tests have been done with that configuration, and we might see some misbehavior if they are misconfigured.

In general, seeing any of these logs is expected and OK:

Tue Sep 10 11:16:06 2024 Info: PROX_CONNTRACK : - : [82193:0] Total No. of active client connections = 1, active server connections = 0
Tue Sep 10 11:20:39 2024 Warning: PROX_CONNTRACK : - : [82193:0] Total ClientInfo cleaned up: 0

May I ask what is the exact issue with your WSA, are you receiving: Chrome says ERR_PROXY_CONNECTION_FAILED, Firefox says the proxy refused the connection.

if so, we need to have:

[1] PCAP from WSA and from Client to see the network traffic behavior. 

[2] what is the output of rate command in the CLI 

[3] can you please confirm your licenses are Active and Valid. 

[4] do you have issue with both HTTP and HTTPS or just one of them. 

 

I would say if changing the resources to the supported values doesn't help the situation, please open a TAC case, and we will review the backend logs.

 

Regards,

Amirhossein Mojarrad
