The customer is using the proxy forwarding method but only gets partial GitHub activities in CloudSOC

There are login/logout, download events, but missing upload events.

The s3.amazonaws.com is not listed in the CPL initially.

After added the URL additional issue was discovered:

• • The client PCAP shows the local proxy is intercepting the s3.amazonaws.com traffic from the end-user.
  • SG PCAP does NOT show that the request to s3.amazonaws.com is being sent to WSS. It shows that it is going direct to AWS.
  • On-Premise SG policy trace shows that the forwarding rules for the s3.amazonaws.com traffic being missed
  • Discovered the Proxy has a conflicting rule in different layers so the URL for amazonaws.com was bypassed by the proxy in the authentication layer
  • This resulted in the forwarding rule in the CPL not functioning properly

1. Added the s3.amazonaws.com to the CPL as it is needed by Github Gatelet uploads.
2. Removed the amazonaws.com from the authentication bypass list