search cancel

"x-isolated" log field not working despite traffic forwarded to Isolation


Article ID: 240206


Updated On:


ProxySG Software - SGOS






This only impact ProxySG running SGOS 7.x but using SGOS 6.7/CPL ProxySG isolation method as a result of the UPE/WSS integration. 


The "x-isolated" log field works only when the Isolation service is configured (introduced in 7.x). The log field will not flag "Yes" if the Isolation service and isolation policy objects are not configured. 

As an alternative, configure a new access log file and write access logs to this file when the forwarding rule is matched.

1. Create a new log file

Go to the Management Console - Configuration - Access Logging - Logs

Click New - Log Name (give this log a name, such as 'Isolated-log')

Click Log Format - bcreportermain_v1

Click Apply

2. Go to the Isolation forwarding rule 

; ==============================

; Forwarding Layer

; ==============================



; If traffic is directed towards the resource servers of the Threat Isolation platform forward it to cluster ISOLATION_TENANT

; Isolation resource servers can serve only if the traffic is SSL intercepted., add the XFF and XAU & XAG headers.

condition=Isolation_CondListIsolationResourcesDestination  forward("Isolation_Forwarding_Group_ISOLATION_TENANT") forward.fail_open(no) action.Isolation_actionAddXFFForForward(yes) action.Isolation_actionAddXAUForForward(yes) action.Isolation_actionAddXAGForForward(yes)access_log[Isolated-log](yes) <------------

; forwarding rules for cluster webisolationtenant-us-east4

; If traffic is directed towards a Threat Isolation gateway send it direct (this is the websocket connection)


; If traffic is directed towards a web isolation matching criteria destination, forward it to the forwarding group Isolation_Forwarding_Group_ISOLATION_TENANT

; Isolated HTTPS websites must be SSL intercepted, otherwise the isolation won't function

; , add the XFF and XAU & XAG headers.

condition=Isolation_CondWebIsolationSslMatchCriteria condition=Isolation_CondWebIsolationMatchCriteriaForwarding forward("Isolation_Forwarding_Group_ISOLATION_TENANT") forward.fail_open(no) action.Isolation_actionAddXFFForForward(yes) action.Isolation_actionAddXAUForForward(yes) action.Isolation_actionAddXAGForForward(yes) access_log[Isolated-log](yes) <----------