The deployment type is transparent and the customer has configured the SSL proxy to intercept. The authentication mode is 'Auto'.

Whenever a client browses an HTTPS website when opening up Firefox, it will get an authentication prompt. Key'ing the username and password will allow the client to browse the HTTPS website.

When browsing an HTTP website on Firefox, this issue does not occur.

Below are the steps to resolve the issue:

1. Change the authentication mode to 'Origin-cookie-redirect' or 'Origin-ip-redirect'.

2. Set the virtual URL of the authentication realm to a non-standard HTTPS port. Eg: https://myproxy:4433.

• Create a new service of HTTP Reverse Proxy to intercept the tcp port 4433. The Listeners of the destination IP should be 'Explicit', port range of 4433 and enable interception.
• The keyring of this new service should be set to the keyring that was used for the SSL interception under the VPM - SSL Intercept Layer.

3. Type in 'about:config' on the Firefox URL and look for 'network.automatic-ntlm-auth.trusted-uris'. Set the string to the virtual URL of the ProxySG appliance's authentication realm that is being used.

When using authentication mode of 'Auto', the ProxySG might have issues choosing the right mode even though 'Origin-cookie-redirect' is one of the modes.

Some customers did not need to do Step 2---doing Step 1 and Step 3 resolved their issue.  This could be due to a browser behavior in which it is able to ignore the redirection from HTTPS to HTTP (the virtual URL) and then back to HTTPS in the same session. Other browsers see this as security issue and might break the session.