04-30-2013 01:57 AM
I have a query (an issue rather) with IronPort WSA transparent proxy with WCCP redirect.
WCCP is configured on our internet ASA firewall inside interface to the WSA. In the WCCP redirect access list we are not restricting any ports (it is 'any'). And the transparent proxy is working fine for all the normal HTTP and HTTPS traffic.
The issue is that when we try to access siites like http://abcdefg:8180 through the transparent proxy, it is unable to get the page. It gives and error that the connection has timed out. I used HttpWatch to monitor this traffic and it shows "NS_ERROR_NET_TIMEOUT".
We have an explicit forward proxy as well, and when we try accessing the same site through that, it works well.
My query is, will the transparent proxy with WCCP redirect support only HTTP and HTTPS. Can't we get other ports also working through that. If it is not, I wonder what is the use of configuring transparent proxy.
IronPort Model: S670
Request your assistance.
04-30-2013 02:20 AM
In your Access Policies in Protocols and User Agents do you have the extra ports configured there?
04-30-2013 02:50 AM
Thank you for the prompt response.
Well, I checked and found that these options are kept as default. Nothing has been selected specifically. Could you provide more infrormation as to what exactly I need to change in the access policy.
Below is the screenshot:
04-30-2013 02:57 AM
That scrrenshot is from the Identity page.
Go to Access Policy and then the second column along "Protocols and User Agents".
Under the "HTTP CONNECT Ports" is the list of allowed ports, you can add extra ports in here or you can add the entire range 1-65535.
04-30-2013 04:33 AM
Well, I have done this. I tried the entier range 1-65535 as well. But no luck.
Is there anything else that can be done.
04-30-2013 06:00 AM
Since you are using WCCP you need to add this port to the ports that are redirected. The WSA controls which ports will be sent to it in the negotiation with the WCCP protocol. In the WSA go to Network > Transparent Redirection and edit your service to add the new port. Note as the GUI states there are a maximum of 8 ports which can be redirected.
05-04-2013 01:34 AM
I have already tried this as well. However, it did not solve my issue.
I wonder why it is working in foreward proxy and not in transparent proxy.
05-07-2013 04:28 AM
Can anyone suggest me on this please? I need to roll out the transparent proxy in the network and sites with ports other than HTTP or HTTPS doesnt seem to work..!!
PS: I find it very strange that I get very less number of responses when I put queries related to transparent proxy.
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: