Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 8 replies
  • Subscribers 1 subscriber
  • Views 4821 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

HTTP Proxy restart drops all https connections.

Andik
We have remote terminal server sessions with a Java client via https.
Every time the virus pattern is updated the HTTP proxy is restarted.
All packets which are to be transmitted during that time are answered with the RST flag set. This drops the terminal server connections and the software assumes a "man in the middle" attack.
Is there a way to avoid dropped https connections during proxy restart?

Andreas.


This thread was automatically locked due to age.
  • 0
    Do you have HTTPS enabled?Have you deployed the certificates correctly? Which version of ASG are you using? What URL are you trying to access?
  • 0
    If you are running in a transparent mode, try putting the remote servers into the 'Transparent mode skiplist'.

    If you are in a non-transparent mode where the users' browsers are configured to point at the Astaro Proxy, then create a packet filter rule 'Internal (Network) -> HTTPS -> {Terminal Servers} : Allow' and configure the users' browsers with Proxy Exceptions for the servers.

    Cheers - Bob
     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • 0
    https proxy scanning IS a man in the middle attack.  

    https://community.sophos.com/products/unified-threat-management/astaroorg/f/55/t/44287

    Owner:  Emmanuel Technology Consulting

    http://etc-md.com

    Former Sophos SG(Astaro) advocate/researcher/Silver Partner

    PfSense w/Suricata, ntopng, 

    Other addons to follow

  • 0 in reply to wingman
    Do you have HTTPS enabled?Have you deployed the certificates correctly? Which version of ASG are you using? What URL are you trying to access?


    Sorry for forgetting these details.
    cat /etc/version says 7.503

    The proxy version is:
    httpproxy[10393]: Integrated HTTP-Proxy (c) 2007-2008 Astaro AG, Version 7.503

    Unfortunately there is no public accessible URL available and you would need a  user account, too.

    Andreas.
  • 0 in reply to wingman
    Do you have HTTPS enabled?Have you deployed the certificates correctly? Which version of ASG are you using? What URL are you trying to access?


    HTTPS scanning is not enabled, so we do not use the ASG (version 7.503) internal certificates.
    Sorry, no public URLs or accounts available.
    "Normal" https access via browser works. It's only the Java client/server software that reacts to dropped connections in such a way.
    BTW, the software is called "Sun Secure Global Desktop".
  • 0
    Every time the virus pattern is updated the HTTP proxy is restarted.


    That sounds like this Problem: https://community.sophos.com/products/unified-threat-management/astaroorg/f/55/t/44337

    ASx 7.504 should (hopefully) fix that...
    and iirc it should be aviable tomorrow as a "Softrelease" and usualy a week later as a "Public" Release.

    Softreleases are usualy announced in the "Hardware, Installation, Up2Date, Licensing" Section of the UBB.
  • 0
    Since you obviously trust these servers, my suggestion above is how we've handled Citrix/TS for our clients.

    Cheers - Bob
     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • 0 in reply to KSeemann
    That sounds like this Problem: http://www.astaro.org/astaro-gateway-products/web-security-http-https-ftp-im-p2p-web-filtering-antivirus/29113-proxy-refusing-connections.html

    ASx 7.504 should (hopefully) fix that...
    and iirc it should be aviable tomorrow as a "Softrelease" and usualy a week later as a "Public" Release.

    Softreleases are usualy announced in the "Hardware, Installation, Up2Date, Licensing" Section of the UBB.


    Sounds good. I guess the users will be able to live a few more days with this problem.

    Thanks to everybody who has helped in solving the problem.

    Andreas.