search cancel

Web traffic is sent direct when using F5's BIG-IP and Web Traffic Redirection

book

Article ID: 175869

calendar_today

Updated On:

Products

Endpoint Protection Cloud Secure Web Gateway - Cloud SWG

Issue/Introduction

When browsing Web sites on a computer configured to use the Symantec Endpoint Protection (SEP) client Web Traffic Redirection (WTR) feature, Web traffic is sent directly instead of through the Web Security Service (WSS) when connected to a corporate network through the F5 BIG-IP Edge SSL VPN client.

Cause

The SEP WTR engine configures the system proxy settings to point to the PAC file hosted by the Local Proxy Service (LPS) at http://localhost:2968/proxy.pac. It then configures Windows to use system proxy settings instead of per-user proxy settings. The WTR engine does not modify proxy settings for virtual adapter profiles.

Since the Edge client uses a virtual adapter profile, traffic will be routed through whatever configuration is set for the system proxy settings in the virtual adapter profile. The Edge client only configures the settings for the user version of the profile when it runs without Administrator privileges.

Resolution

To work around this problem, configure the F5 BIG-IP VPN client profile to point to http://localhost:2968/proxy.pac and run the Edge client with Administrator privileges when first initializing the connection. This will allow the Edge client to create a system virtual adapter profile with the correct proxy settings for the SEP WTR feature.