Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1468
Views
0
Helpful
1
Replies

Switch to WSA WCCP transperent redirection

malshbou
Level 1
Level 1

‎08-04-2014 02:47 PM

Hello all,

 

The transparent redirection term first implied to me that the client will be totally unaware of the presence of a WSA proxy, however i delpoyed the following setup and found that the client is receiving HTTP proxy-redirect message (code 307) with source IP of the final destination server but i tells the client to request HTTP from the WSA. Redirection mode is L2 forwarding.

 

Here is the Setup:

 

               Server

                     |

client----L3 Switch----WSA
 

 

My understanding of transperent redirection in this setup is:

 

- client sends HTTP GET request to the server

- the switch intercepts the GET and redirect it to the WSA

- the WSA sends the request to the server with source IP of the WSA

- the server replies to the WSA

- the WSA replies to the client (not sure if the source will be spoofed as server IP or WSA)

 

However, my findings were different... again http-redirect arrives at the client with WSA URL

 

Please advise,

thanks in advance.

------------------ Mashal Shboul
Labels:
0 Helpful
1 Reply 1

Vance Kwan
Cisco Employee
Cisco Employee

‎08-06-2014 11:56 PM

The HTTP 307 redirect is likely coming because you are using authentication.  The way the WSA performs NTLM authentication is to redirect the browser to access the WSA directly, so that NTLM authentication can happen.  Once authenticated, another 307 will redirect it back to the original website.

If you are looking for a 100% transparent deployment, you may want to consider deploying the Cisco Context Directory Agent so that the WSA can ask the agent which user is logged onto that IP (instead of doing the NTLM authentication).

The term Transparent really just means the browser does not have a proxy setting.

 

0 Helpful
Customers Also Viewed These Support Documents