cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
2105
Views
0
Helpful
7
Replies

Query on Transparent Proxy with WCCP

ahamadfaiz
Level 1
Level 1

Hi All,

I have a query (an issue rather) with IronPort WSA transparent proxy with WCCP redirect.

WCCP is configured on our internet ASA firewall inside interface to the WSA. In the WCCP redirect access list we are not restricting any ports (it is 'any'). And the transparent proxy is working fine for all the normal HTTP and HTTPS traffic.

The issue is that when we try to access siites like http://abcdefg:8180 through the transparent proxy, it is unable to get the page. It gives and error that the connection has timed out. I used HttpWatch to monitor this traffic and it shows "NS_ERROR_NET_TIMEOUT".

We have an explicit forward proxy as well, and when we try accessing the same site through that, it works well.

My query is, will the transparent proxy with WCCP redirect support only HTTP and HTTPS. Can't we get other ports also working through that. If it is not, I wonder what is the use of configuring transparent proxy.

IronPort Model: S670

Version: 7.1.4-053

Request your assistance.

Regards,

Faiz

7 Replies 7

Chris Illsley
Level 3
Level 3

Hi,

In your Access Policies in Protocols and User Agents do you have the extra ports configured there?

Thanks

Chris

Hi Chris,

Thank you for the prompt response.

Well, I checked and found that these options are kept as default. Nothing has been selected specifically. Could you provide more infrormation as to what exactly I need to change in the access policy.

Below is the screenshot:

Regards,

Faiz

Hi Faiz,

That scrrenshot is from the Identity page.

Go to Access Policy and then the second column along "Protocols and User Agents".

Under the "HTTP CONNECT Ports" is the list of allowed ports, you can add extra ports in here or you can add the entire range 1-65535.

Thanks

Chris

Hi Chris,

Well, I have done this. I tried the entier range 1-65535 as well. But no luck.

Is there anything else that can be done.

Thanks,

Faiz

Since you are using WCCP you need to add this port to the ports that are redirected. The WSA controls which ports will be sent to it in the negotiation with the WCCP protocol. In the WSA go to Network > Transparent Redirection and edit your service to add the new port. Note as the GUI states there are a maximum of 8 ports which can be redirected.

Hi Jeffrey,

I have already tried this as well. However, it did not solve my issue.

I wonder why it is working in foreward proxy and not in transparent proxy.

Regards,

Faiz

Hi All,

Can anyone suggest me on this please? I need to roll out the transparent proxy in the network and sites with ports other than HTTP or HTTPS doesnt seem to work..!!

PS: I find it very strange that I get very less number of responses when I put queries related to transparent proxy.

Regards,

Faiz