
"x-isolated" log field not working despite traffic forwarded to Isolation


Article ID: 240206


Updated On:

Products

ProxySG Software - SGOS

Issue/Introduction

 

 

 

Environment

This only impacts ProxySG appliances running SGOS 7.x that still use the SGOS 6.7/CPL ProxySG isolation method as a result of the UPE/WSS integration.

Resolution

The "x-isolated" log field works only when the Isolation service is configured (introduced in 7.x). The log field will not flag "Yes" if the Isolation service and isolation policy objects are not configured. 

As an alternative, configure a new access log file and write access logs to this file when the forwarding rule is matched.

1. Create a new log file

Go to the Management Console - Configuration - Access Logging - Logs

Click New - Log Name (give this log a name, such as 'Isolated-log')

Click Log Format - bcreportermain_v1

Click Apply

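2. Go to the Isolation forwarding rule and add the access_log[Isolated-log](yes) property to each rule that forwards traffic to Isolation, as marked below.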

; ==============================

; Forwarding Layer

; ==============================

e.g.

<Forward>

; If traffic is directed towards the resource servers of the Threat Isolation platform forward it to cluster ISOLATION_TENANT

; Isolation resource servers can serve only if the traffic is SSL intercepted. Add the XFF, XAU and XAG headers.

condition=Isolation_CondListIsolationResourcesDestination forward("Isolation_Forwarding_Group_ISOLATION_TENANT") forward.fail_open(no) action.Isolation_actionAddXFFForForward(yes) action.Isolation_actionAddXAUForForward(yes) action.Isolation_actionAddXAGForForward(yes) access_log[Isolated-log](yes) ; <-- access_log property added

; forwarding rules for cluster webisolationtenant-us-east4

; If traffic is directed towards a Threat Isolation gateway send it direct (this is the websocket connection)

condition=Isolation_CondListIsolationGatewaysDestinationForwarding_ISOLATION_TENANT(no)

; If traffic is directed towards a web isolation matching criteria destination, forward it to the forwarding group Isolation_Forwarding_Group_ISOLATION_TENANT

; Isolated HTTPS websites must be SSL intercepted, otherwise the isolation won't function.

; Add the XFF, XAU and XAG headers.

condition=Isolation_CondWebIsolationSslMatchCriteria condition=Isolation_CondWebIsolationMatchCriteriaForwarding forward("Isolation_Forwarding_Group_ISOLATION_TENANT") forward.fail_open(no) action.Isolation_actionAddXFFForForward(yes) action.Isolation_actionAddXAUForForward(yes) action.Isolation_actionAddXAGForForward(yes) access_log[Isolated-log](yes) ; <-- access_log property added
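
To confirm that no Isolation forwarding rule was missed when adding the property, the check below scans policy text for rules that forward to the Isolation group without enabling the new log. It is an added example, not part of the original article or Broadcom tooling; the sample policy is constructed, Example_GatewayDestinations is a hypothetical condition name, and the parser assumes ';' never appears inside a quoted string.

```python
import re

GROUP = "Isolation_Forwarding_Group_ISOLATION_TENANT"  # forwarding group from the article
LOG = "Isolated-log"                                   # log name created in step 1

# Constructed sample policy (not a real export); the last rule lacks the property.
SAMPLE_CPL = "\n".join([
    "<Forward>",
    "; resource servers: logged",
    f'condition=Isolation_CondListIsolationResourcesDestination forward("{GROUP}") '
    f"forward.fail_open(no) access_log[{LOG}](yes)",
    "; hypothetical direct rule: not forwarded to Isolation",
    "condition=Example_GatewayDestinations forward(no)",
    "; matching criteria: access_log property missing, rule split over two lines",
    "condition=Isolation_CondWebIsolationMatchCriteriaForwarding \\",
    f'    forward("{GROUP}") forward.fail_open(no)',
])

FORWARD_RE = re.compile(r'\bforward\(\s*"?([^")\s]+)"?\s*\)')
LOG_RE = re.compile(r'\baccess_log(?:\[([^\]]*)\]|\.([\w-]+))\(\s*yes\s*\)')

def logical_lines(text):
    """Yield (first_line_no, rule) with ';' comments removed and backslash continuations joined."""
    buf, start = "", None
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.split(";", 1)[0].strip()
        if start is None:
            start = no
        if line.endswith("\\"):
            buf += line[:-1] + " "
            continue
        buf += line
        if buf.strip():
            yield start, buf
        buf, start = "", None

def unlogged_forward_rules(cpl, group, log_name):
    """Return line numbers of rules that forward to `group` without access_log for `log_name`."""
    missing = []
    for no, rule in logical_lines(cpl):
        if group not in FORWARD_RE.findall(rule):
            continue  # forward(no), other groups, layer headers
        logs = set()
        for bracket, dotted in LOG_RE.findall(rule):
            logs.update(n.strip() for n in (bracket or dotted).split(","))
        if log_name not in logs:
            missing.append(no)
    return missing

if __name__ == "__main__":
    print("rules missing the log property, by line:", unlogged_forward_rules(SAMPLE_CPL, GROUP, LOG))
```

Any line number it reports is a forwarding rule whose isolated traffic will not reach the dedicated log.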