Cannot SCP files from ProxySG into CASB device logs

Article ID: 245148


Products

Cloud Secure Web Gateway - Cloud SWG

CASB Audit

ISG Proxy

Issue/Introduction

WSS is integrated with an on-premises ProxySG.

WSS is also integrated with CASB.

WSS logs are ingested into CASB without any problems, but ProxySG logs cannot be uploaded to CASB.

PCAPs indicate traffic leaving the internal network, but the TCP connection to CASB fails to establish correctly.

Environment

CASB Reporting

Log uploads from ProxySG

Log uploads from WSS 

Cause

Several issues contributed to the problem: firewall rules, CASB IP address whitelisting and, above all, ProxySG UI limitations.

Resolution

Several tasks need to be completed on the ProxySG side to upload files to CASB reporting successfully:

a) Make sure that the firewall rules on the path where the ProxySG egresses allow TCP 22 to the CASB reporting endpoints.

b) Make sure that the IP address whitelisted in CASB for SCP communication matches the ProxySG egress IP address.

c) Configure the ProxySG settings from the CLI and not the UI (SSH keys can still be generated via the UI). This is the key part: the key endpoint info from the CASB side was truncated when it was added via the ProxySG UI, and usernames with underscores were also not allowed. These limitations do not exist in the CLI.
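The checks in steps a) and b) can be confirmed with a connection probe. The following is an added example, not part of the original article or any Broadcom tooling: a Python probe that classifies how a TCP 22 connection to the CASB reporting endpoint ends. It assumes it is run from a host that leaves through the same firewall and egress IP address as the ProxySG; `local_listener` is a constructed stand-in endpoint so the block runs offline.

```python
import socket
import threading

def probe_ssh(host, port=22, timeout=5.0):
    """Classify how a TCP connection to an SCP/SSH endpoint ends."""
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except socket.timeout:
        # SYN left but no SYN-ACK came back, as in the PCAP symptom above:
        # recheck the firewall rule (a) and the whitelisted egress IP (b).
        return "timeout"
    except ConnectionRefusedError:
        # A RST came back: something on the path actively rejects TCP 22.
        return "refused"
    except OSError as exc:
        return "error: %s" % exc  # DNS failure, no route, and similar
    with sock:
        sock.settimeout(timeout)
        try:
            banner = sock.recv(255)  # an SSH server sends its banner first
        except socket.timeout:
            return "no-banner"
        except OSError:
            return "closed"
    if not banner:
        return "closed"  # handshake completed, then the peer hung up
    if banner.startswith(b"SSH-"):
        return "ssh-ok"  # network path is fine; look at step c) instead
    return "unexpected-banner"  # something other than SSH answered

def local_listener(reply):
    """Constructed stand-in endpoint: accept once, send `reply`, close."""
    srv = socket.socket()
    srv.bind(("127.0.0.1", 0))
    srv.listen(1)
    port = srv.getsockname()[1]
    def serve():
        conn, _ = srv.accept()
        with conn:
            if reply:
                conn.sendall(reply)
        srv.close()
    threading.Thread(target=serve, daemon=True).start()
    return port

if __name__ == "__main__":
    # Against the real service, pass the CASB reporting endpoint host name.
    demo_port = local_listener(b"SSH-2.0-constructed\r\n")
    print(probe_ssh("127.0.0.1", demo_port, timeout=2))
```

A result of `ssh-ok` means the network path is working, which leaves the CLI configuration in step c) as the remaining thing to check.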
