Allow access to web sites running on custom ports in a transparent deployment using ProxySG

book

Article ID: 168214

calendar_today

Updated On:

Products

ProxySG Software - SGOS

Issue/Introduction

Users might encounter public or private web sites running on non-standard ports, for example:

http://210.212.239.117:8080/KsrtcOnlineR/
http://118.102.141.185:9090/ServiceManager/login.jsp

Cause

When these web sites are accessed via a ProxySG appliance transparently, the ports are not set to intercept transparent connections by default. As a result, the requests are bypassed by the proxy and an upstream device (firewall) blocks access from the client's IP.

Resolution

Intercept these custom ports by using the appropriate service type. For the previous example URLs, which are HTTP, the service type should be “http”.

  1. In the Management Console, select Configuration  > Services > Proxy Services.
  2. Click External HTTP > Edit Service.
  3. Under Listeners, click New. Set the Listener with settings for intercepting port 8080
  4.  Click OK to go back to Edit Service page. You can click New and add more ports if required.
  5. Click OK and Apply the changes.
 


These steps ensure that the appliance is intercepting those ports also with respective proxy service (in this case it is “HTTP”). You must also open the firewall or any upstream devices to allow the appliance's IP address to communicate on the respective ports.

Note: If you are using WCCP for redirecting the connections, also add the ports to the WCCP service group so that the WCCP server passes them to the appliance.

Attachments