I've got a case open on this, but wanted to ask the community too. I've got an S360 running AsyncOS 5.6.0-623 running in transparent mode. We're requiring NTLM user authentication. We're using the HTTPS Proxy feature.
In Firefox 3.x and maybe others (but not Internet Explorer) when viewing some SSL web sites that auto-refresh you will periodically receive a pop-up message with "OK" and "Cancel" buttons:
The web page is being redirected to a new location. Would you like to resend the form data you have typed to the new location?
This doesn't happen on the first visit, but only if you sit an wait for the page to refresh on its own. A perfect example of this is gmail.com (using HTTPS of course) but I've seen this on several other sites as well.
I've run all sorts of packet captures but because everything is encrypted it has been pretty useless. Has anyone else experienced this?
Yes! (until I moved my machine to a subnet we're not filtering, that is) It got rather annoying, so, rather than "fix it" (i'm one of the few privileged enough to have Fx installed ... most users don't/can't ... so fixing it wasn't really a priority), I just bypassed it.
I believe this may have something to do with authentication + HTTP POSTs on FF 3.x.
If a POST needs authentication, it must be redirected back to the WSA in order to be authenticated. Once this processes is completed, the client is redirected back to the original server. At this point the browser must "re-POST" the data.
I believe this is where the issue lies. It's possible that changing from cookie to IP surrogate may affect this behavior. I believe it only happens whenever FF creates a new connection in which the auth caching has expired.
At least, these are my current theories. We still have some more work to do.
DocumentationCode download linksGoalRequirementLimitationsSupported ISR
and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and
UCS-E Blades:Step by Step ConfigurationConfigure one of the connectivity
options to access the Cisco IMC from the n...
Firepower Threat Defense (NGFWv) on UCS E-series - Transparent Mode in
HA DocumentationCode download linksGoalRequirementLimitationsSupported
ISR and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and
UCS-E Blades:Step by Step ConfigurationCo...
Question I am currently unable to specify "crypto keyring" command when
configuring VPN connection on my cisco 2901 router. The following
licenses have been activated on my router :