Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
710
Views
0
Helpful
1
Replies

Cisco WSAv https Proxy Chaining not using the upstream Proxy

osvaldo Alcala Perez
Level 1
Level 1

‎02-10-2020 08:47 AM

HI experts i need some help with this

Cisco WSAv Proxy Chaining not using the upstream Proxy for https traffic..

 

i need to pass the XFF to our upstream  cloud proxy which is umbrella SWG

without enabling https decryption and using https/http proxy from the umbrella i'm able to send the traffic but i can only see the internal ip for HTTP traffic and not for https.

so i started to play with the decryption policy but when i enable this policy it  disable the https routing policy that send traffic to upstream policy... umbrella. and it hits the default routing policy which is direct...traffic never reaches the upstream proxy

 

any advise on how to implement the XFF for https without using the decryption policy? 

if using it. what are the steps to take?

 

 

 

 

 

 

 

 

 

Labels:
0 Helpful
1 Reply 1

osvaldo Alcala Perez
Level 1
Level 1

‎02-10-2020 11:57 AM

Looks like when https web proxy is enable we lose the ability to set routing policies for HTTPS and we should catch all with the global routing polic this includes the HTTPS traffic then must send the traffic to the upstream https proxy.
also for more specific traffic we need to catch with routing policies above the global routing policies
0 Helpful
Customers Also Viewed These Support Documents