Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1906
Views
0
Helpful
5
Replies

Paypal login problems

sba_ironport
Level 1
Level 1

‎10-17-2009 07:55 AM

Hi,

We have an S160 acting as web proxy and I'm fairly new to it. We can get to www.paypal.com but when we login it just states 'Please make sure you enter your email address and password correctly' and prompts for login details again.

The applicable log (I believe) is:
1255756501.097 0 192.168.1.149 TCP_DENIED/407 1668 CONNECT tunnel://paypal.112.2o7.net:443/ - NONE/- - OTHER-NONE-Active_Directory-NONE-NONE-NONE <-,-,-,-,-,-,-,-,-,-,-,-,-,-,-,-,-> -

I have put 'paypal.112.2o7.net, www.paypal.com, etc' in the bypass list and even made a no authentication url identity with these hosts, however none of this has worked. I am using an open policy allowing port 443.

Just wondering if anyone has some suggestions.
Linc.

Labels:
0 Helpful
5 Replies 5

khoanguy
Level 1
Level 1

‎10-19-2009 11:30 PM

Try a no auth identity based on a single client ip address, then have that identity apply to both access policy and decryption policy (if https is enabled).

The error is an auth error. So some pages redirect to https. Any https request should not required authentication, since data is encrypted, unless you are using explicit forward proxy or auth based on client ip address.

0 Helpful

amojarra
Cisco Employee
Cisco Employee

‎11-21-2022 02:14 AM

Hi @sba_ironport 

 

the TCP_DENIED/407 is Explicit Proxy Authentication Required

so I assume you are using Explicit Proxy mode.  

to be able to bypass traffic in Explicit Mode, you need to bypass it from Client side, if you are using PAC file, You can bypass there, else you need to bypass in the Browser.

 

kindly note that TCP_DENIED/407 is expected,  WSA will ask for user credentials, so we need to check other access logs line as well to see what is the final decision. 

 

 

another thing I need to double check with you, is please consider the order of your Custom URL categories, Decryption policy and Access policy, please note that, they are prioritized from Top to down, so make sure they are placed in proper position. 

 

and one last thing, while you mentioned bypass, did you mean Passthrough in the Decryption Policy, or Bypass list in the WSA?   

 

Regards,

Amirhossein Mojarrad

+++++++++++++++++++++++++++++++++++++++++++++++++++

++++   If you find this answer helpful, please rate it as such  ++++

+++++++++++++++++++++++++++++++++++++++++++++++++++

 

0 Helpful

alisha_rascon01
Level 1
Level 1

‎12-23-2022 08:49 PM

Well, I know that it is an official PayPal website for two reasons: it is linked to my PayPal account (from paypal.com) and while it was flagged as phishing by OpenDNS I have used another DNS server to access the website, transferred through it 350 Euro to my PayPal account and the transfer was processed correctly, the money did not vanish and I could buy a product with that money. I have also contacted PayPal, but they are slow to answer the tickets.

0 Helpful

romainebqw
Level 1
Level 1

‎01-09-2023 01:50 AM - edited ‎01-09-2023 02:31 AM

i also phasing some issues about paypal besacily we giving emergency mobile locksmith service and we use this on our payment getways 

0 Helpful

detoxtechnologies
Level 1
Level 1

‎11-09-2023 04:20 AM

I likewise staging a few issues about paypal basically we giving crisis versatile locksmith administration and we utilize this on our installment getways

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents