Troubleshooting a potential issue with Proxy attempting to access a Phishing site on port 80

Article ID: 244562

Products

Web Isolation

Issue/Introduction

Troubleshooting a potential issue with Proxy attempting to access a Phishing site on port 80

Environment

Release: 1.14.50

Resolution

To start troubleshooting, please share:

  • a network diagram showing where this proxy is located and its IP
  • a packet capture taken by running "sudo tcpdump -s 0 -i eth0 -w myPhishing.pcap" on the same WI proxy while reproducing the issue
  • the output of "fg_machine_status", executed on the same WI proxy server; the TGZ log archive is saved in "/var/tmp/"
  • the above log files, copied to your local machine with Secure Copy Protocol (SCP) and attached to the case
  • the activity logs: in the WI management appliance go to "Reports > Activity Logs", filter by time ("last 15 minutes", or the window in which the issue was seen), click the "Export" button at the top right, download the ".csv" file to your local machine and attach it to the case

The tcpdump command collects the capture in real time, and the capture lets us see whether or not the Proxy gateway is actually attempting to connect to a Phishing site, and on the port reported. When you share the capture, also share the URL of the suspicious Phishing site to which the Proxy is reported to be connecting; this is very important for the investigation to succeed. See the snippet below for guidance on how the command may be run.
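To show what the capture is expected to answer, here is an added example (not part of this article or of the Web Isolation product) that reads a pcap file and lists every TCP connection attempt (SYN without ACK) the proxy made to port 80, so the reported site and port can be confirmed or ruled out. The proxy address 10.0.0.5 and the TEST-NET destinations are constructed placeholders; point the parser at myPhishing.pcap and the real proxy IP instead.

```python
import struct

ETH_IPV4, PROTO_TCP, SYN, ACK = 0x0800, 6, 0x02, 0x10

def build_pcap(packets):
    """Build a constructed, minimal pcap (Ethernet/IPv4/TCP) so the parser can be exercised offline."""
    out = bytearray(struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1))  # global header, LINKTYPE_ETHERNET
    for src, dst, sport, dport, flags in packets:
        tcp = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, flags, 8192, 0, 0)
        ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 0, 0, 64, PROTO_TCP, 0,
                         bytes(map(int, src.split("."))), bytes(map(int, dst.split("."))))
        frame = b"\x00" * 12 + struct.pack("!H", ETH_IPV4) + ip + tcp  # zeroed MACs + EtherType
        out += struct.pack("<IIII", 0, 0, len(frame), len(frame)) + frame  # per-packet record header
    return bytes(out)

def tcp_connect_attempts(pcap, proxy_ip, port=80):
    """List (dst_ip, dst_port) for every SYN without ACK that proxy_ip sent to `port`: a genuine connection attempt."""
    magic = struct.unpack("<I", pcap[:4])[0]
    end = "<" if magic == 0xA1B2C3D4 else ">"  # the magic number reveals the writer's byte order
    off, hits = 24, []
    while off + 16 <= len(pcap):
        _, _, incl, _ = struct.unpack(end + "IIII", pcap[off:off + 16])
        frame = pcap[off + 16:off + 16 + incl]
        off += 16 + incl
        if len(frame) < 34 or struct.unpack("!H", frame[12:14])[0] != ETH_IPV4:
            continue  # not IPv4 over Ethernet
        ihl = (frame[14] & 0x0F) * 4
        if frame[23] != PROTO_TCP or len(frame) < 14 + ihl + 14:
            continue  # not TCP, or truncated before the flags byte
        src = ".".join(map(str, frame[26:30]))
        dst = ".".join(map(str, frame[30:34]))
        tcp = frame[14 + ihl:]
        dport, flags = struct.unpack("!H", tcp[2:4])[0], tcp[13]
        if src == proxy_ip and dport == port and flags & SYN and not flags & ACK:
            hits.append((dst, dport))
    return hits

# Constructed sample: proxy 10.0.0.5 (placeholder) and TEST-NET addresses; not a real capture.
SAMPLE = build_pcap([
    ("10.0.0.5", "203.0.113.10", 40000, 80, SYN),          # proxy opens port 80 to the reported site
    ("203.0.113.10", "10.0.0.5", 80, 40000, SYN | ACK),    # the reply, not an attempt by the proxy
    ("10.0.0.5", "203.0.113.10", 40001, 443, SYN),         # different port, not what was reported
    ("10.0.0.9", "203.0.113.10", 40002, 80, SYN),          # another host, not the proxy
])

if __name__ == "__main__":
    # With a real file: tcp_connect_attempts(open("myPhishing.pcap", "rb").read(), "<proxy IP>")
    print(tcp_connect_attempts(SAMPLE, "10.0.0.5"))  # [('203.0.113.10', 80)]
```

Each destination in the output can then be matched against the URL reported for the suspicious site; an empty list for the reported port means the capture shows no such attempt from the proxy.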

The machine status archive contains all of the fireglass logs and more; it should also give us historical data from before yesterday. Refer to the snippet below for how it is executed.

When the above is done:

  • copy the above log files to your local machine with Secure Copy Protocol (SCP) and attach them to the case.