cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
574
Views
0
Helpful
2
Replies

Problems with accessing websites through IronPort S370

Colin Higgins
Level 2
Level 2

I have a new IronPort S370 set up in explicit forward (proxy) mode.

 

The system is set up to use NTLM authentication, has an account on the domain, and is able to see users, groups, etc. in the domain. It tests out correctly.

 

So I built a new access policy that uses the domain realm and placed this policy above the default global policy on the IronPort. I associated a URL filtering policy with it, and put in a handful of websites to test. However, I am running into issues.

 

When I access some sites, I can get to them. When I access a site like google.com, I get a message that I have to log in (page cannot be displayed).

 

Looking at the logs, it looks like the IronPort is tunneling all the http traffic, and that 443 is hitting google.com

 

Is this correct? Whan can I do to change/fix this?

2 Replies 2

Colin Higgins
Level 2
Level 2

OK, I have some more info for this.

 

The problem seems to be that the Global Access Policy overrides a specific policy I create.

 

If I create a group, use domain authentication (realm), assign a custom URL category to this group within an access policy (permitting access to certain URLs), and within the global policy block all categories by default, everything gets blocked.

 

In policy trace, I see the user is found in the directory, the website IP resolves, but the access policy I created is never looked at: only the global policy.

 

Is there something I am missing here?

After you add URL categories in your new access Policy and submit it, click link in URL Filtering column for your new access policy just created to edit it.

Click Select all link in Monitor column. Click submit.

Otherwise it will inherit global settings.

 

HTH

"Please rate helpful posts"

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: