Proxy authentication fails while connecting to Dell SCG via the Proxy
search cancel

Proxy authentication fails while connecting to Dell SCG via the Proxy

book

Article ID: 403933

calendar_today

Updated On:

Products

ISG Proxy

Issue/Introduction

The customer is trying to connect to configure a Dell SCG via the Proxy.

Customer added the destination URL into authentication bypass , but still is unable to get a pass through the proxy. See the reference link below.

Secure Connect Gateway

Environment

ISG-Proxy

Cause

Incorrect/incomplete Configuration

Resolution

From the referenced Dell documentation, and concerning where a Proxy comes in, see the below.

  1. If SSL decryption is enabled on the proxy servers and other devices, ensure the Global access and Enterprise servers are added to the SSL decryption exclusion list on the proxy servers and devices.

    What this means is that the customer should disable SSL Interception on the Proxy, for all of the Global access and Enterprise servers. For this, utilize the CPL script below. Complete the URL domains from the list in the referenced public "Dell" doc.

    <proxy>
    condition=Global_Enterprise_ServersExceptionList detect_protocol(none) 

    define condition Global_Enterprise_ServersExceptionList
    ;For IPV6
    url.domain=srs-1-v6.dell.com
    url.domain=SRSgduprd01-v6.dell.com
    url.domain=SRSgduprd02-v6.dell.com
    url.domain=SRSgduprd03-v6.dell.com
    ;..
    ;..
    ;..
    ;For IPV4
    url.domain=esrs3-core.emc.com
    url.domain=esrs3-coredr.emc.com
    url.domain=esr3gduprd01.emc.com
    url.domain=esr3gduprd02.emc.com
    url.domain=esr3gduprd03.emc.com
    url.domain=esr3gduprd04.emc.com
    ;..
    ;..
    ;..
    ;..
    end condition Global_Enterprise_ServersExceptionList

  2. Internet connectivity: Standard 1 GbE network or faster through HTTP with basic authentication, from the referenced "Dell" doc. The authentication method recommended in the Basic Authentication (clear text). The Dell documentation does not recommend NTLM/Kerberos, for Internet Access. Web Authentication bypass isn't also referenced in the "Dell" doc. Ensuring the "Allow Basic Credentials" in the "Realm" config would do, for this piece. See the snippet below, as reference.




  3. Specific ports must be allowed in the environment, for this implementation.

Again, note that only Basic Authentication is referenced in the "Dell" doc. shared, and no NTLM/Kerberos is refenced. 

Executing all of the above would mean take care of all that's required on the Proxy side.

Powered by Wolken Software