IPS with HTTPS traffic

Hi,
Is there a way, if I have the private key for an SSL certificate, that I can load this into the ASA with an AIP SSM module and be able to see if there are attacks over SSL to one of my web servers?
Thanks,
Brantley

The short answer is no. Obviously, HIDS is one option. If you really need network IPS (i.e. inline protection), I think your options are pretty limited if you actually want to load private keys on the device. Googling returns only a McAfee product, but there may be others. Breach.com has a product that does this, but it's not inline and not IPS.
You can possibly solve this architecturally by putting reverse proxies out in front of your web servers and having SSL terminate there.

Similar Messages

  • ASA MPF on HTTP traffic

    Hi, I'm a student who is studying MPF atm, and I was just wondering about the parameters (request args regex, request body length, etc.) that HTTP provides. I was looking them up and went through some resources and information on the Cisco website, but it was difficult to understand all of these parameters.
    How does the ASA match HTTP traffic? Are these parameters located in the HTML (body, Java, ActiveX)? Where are they located?
    thanks in advance, !!!

    Hello Terry,
    The first thing to understand when we are talking about inspection on layers 5 to 7 (in this case HTTP) is that, in order for it to work, the client has to be on one ASA interface and the server needs to be on another one; this allows the ASA to investigate the HTTP session.
    Now, you are asking how the ASA is going to match that traffic. With the policy map type inspect we decide what to match (the HTTP request, response, etc.). We can use different things to do it; just as an example, we can create a regular expression that matches www.cisco.com (\.cisco\.com), then let the ASA know to match the header of the HTTP packet using that particular rule, and then we will be able to block cisco.com.
    You can also match the URI, etc., and then apply the right HTTP inspection parameter.
    Please rate helpful posts.
    Regards,
    Julio

  • IPS and HTTPS check

    Hi,
    Can Cisco IPS/AIP module identify torrent traffic tunneled in HTTPS?
    Can IPS inspect https traffic for detect any anomaly?
    Regards.

    Hi,
    IMHO by default you can't inspect any crypted traffic.
    You would have to have traffic ended on ASA to decrypt and then send to client.
    HTH
    Pael

  • Debugging HTTP traffic from iPad with Charles

    Here's a great tip on how to use Charles on your Mac or PC to proxy HTTP traffic from your iPad so you can debug it.
    http://www.ravelrumba.com/blog/ipad-http-debugging/

    Talking of debugging iPad, and Flash apps specifically, I only recently tried out the "Quick publishing for device debugging" option. When you do that, and run the app on the device, you can set Flash to be in a remote debugging session, and on the app screen you type in the IP address of your computer. You can then debug the running app in just the same way you would debug a swf running in your desktop browser. You don't even have to be connected by USB, it works across the wireless network.

  • RV042G V3 protocol bind all HTTPS traffic to wan1

    If you are using load balancing how do you bind i.e. all HTTPS traffic to i.e. wan1. RV042G V2 you can inter 0.0.0.0~0.0.0.0 as Source IP to forward from all IPs, how do you do that with a V3?

    Dear Hans,
    Thank you for reaching Cisco Small Business Support Community.
    The improvements on the Cisco RV042G v3 have basically been hardware related, better processor and more memory pretty much, but since the firmware release has also changed, here I add the link for the admin guide where on page 81 you can follow the "Managing the Bandwidth settings" section;
    http://www.cisco.com/en/US/docs/routers/csbr/rv0xx/administration/guide/rv0xx_AG_78-19576.pdf
    Please let me know if this answers your question and/or if there is any further assistance I may help you with.
    Kind regards,
    Jeffrey Rodriguez S. .:|:.:|:.
    Cisco Customer Support Engineer
    *Please rate the post so others will know when an answer has been found.

  • Little help please with forwarding traffic to proxy server!

    hi all, little help please with this error message
    i got this when i ran my code and requested only the home page of the google at my client side !!
    GET / HTTP/1.1
    Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/vnd.ms-excel, application/vnd.ms-powerpoint, application/msword, application/x-shockwave-flash, */*
    Accept-Language: en-us
    UA-CPU: x86
    Accept-Encoding: gzip, deflate
    User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; InfoPath.2; .NET CLR 2.0.50727)
    Host: www.google.com
    Connection: Keep-Alive
    Cookie: PREF=ID=a21457942a93fc67:TB=2:TM=1212883502:LM=1213187620:GM=1:S=H1BYeDQt9622ONKF
    HTTP/1.0 200 OK
    Cache-Control: private, max-age=0
    Date: Fri, 20 Jun 2008 22:43:15 GMT
    Expires: -1
    Content-Type: text/html; charset=UTF-8
    Content-Encoding: gzip
    Server: gws
    Content-Length: 2649
    X-Cache: MISS from linux-e6p8
    X-Cache-Lookup: MISS from linux-e6p8:3128
    Via: 1.0
    Connection: keep-alive
    GET /8SE/11?MI=32d919696b43409cb90ec369fe7aab75&LV=3.1.0.146&AG=T14050&IS=0000&TE=1&TV=tmen-us%7Cts20080620224324%7Crf0%7Csq38%7Cwi133526%7Ceuhttp%3A%2F%2Fwww.google.com%2F HTTP/1.1
    User-Agent: MSN_SL/3.1 Microsoft-Windows/5.1
    Host: g.ceipmsn.com
    HTTP/1.0 403 Forbidden
    Server: squid/2.6.STABLE5
    Date: Sat, 21 Jun 2008 01:46:26 GMT
    Content-Type: text/html
    Content-Length: 1066
    Expires: Sat, 21 Jun 2008 01:46:26 GMT
    X-Squid-Error: ERR_ACCESS_DENIED 0
    X-Cache: MISS from linux-e6p8
    X-Cache-Lookup: NONE from linux-e6p8:3128
    Via: 1.0
    Connection: close
    java.net.SocketException: Broken pipe // this is the error message
    at java.net.SocketOutputStream.socketWrite0(Native Method)
    at java.net.SocketOutputStream.socketWrite(SocketOutputStream.java:92)
    at java.net.SocketOutputStream.write(SocketOutputStream.java:115)
    at java.io.DataOutputStream.writeBytes(DataOutputStream.java:259)
    at SimpleHttpHandler.run(Test77.java:61)
    at java.lang.Thread.run(Thread.java:595)
    at Test77.main(Test77.java:13)

    please could just tell me what is wrong with my code ! this is the last idea in my G.p and am havin difficulties with that cuz this is the first time dealin with java :( the purpose of my code to forward the http traffic from client to Squid server ( proxy server ) then forward the response from squid server to the clients !
    thanx a lot,
    this is my code :
    import java.io.*;
    import java.net.*;

    public class Test7 {
        public static void main(String[] args) {
            try {
                ServerSocket serverSocket = new ServerSocket(1416);
                while (true) {
                    System.out.println("Waiting for request");
                    Socket socket = serverSocket.accept();
                    new Thread(new SimpleHttpHandler(socket)).run();
                    socket.close();
                }
            } catch (Exception e) {
                e.printStackTrace();
            }
        }
    }

    class SimpleHttpHandler implements Runnable {
        private final static String CLRF = "\r\n";
        private Socket client;
        private DataOutputStream writer;
        private DataOutputStream writer2;
        private BufferedReader reader;
        private BufferedReader reader2;

        public SimpleHttpHandler(Socket client) {
            this.client = client;
        }

        public void run() {
            try {
                this.reader = new BufferedReader(
                    new InputStreamReader(
                        this.client.getInputStream()
                    )
                );
                InetAddress ipp = InetAddress.getByName("192.168.6.29"); // my squid server
                System.out.println(ipp);
                StringBuffer buffer = new StringBuffer();
                Socket ss = new Socket(ipp, 3128);
                this.writer = new DataOutputStream(ss.getOutputStream());
                writer.writeBytes(this.read());
                this.reader2 = new BufferedReader(
                    new InputStreamReader(
                        ss.getInputStream()
                    )
                );
                this.writer2 = new DataOutputStream(this.client.getOutputStream());
                writer2.writeBytes(this.read2());
                this.writer2.close();
                this.writer.close();
                this.reader.close();
                this.reader2.close();
                this.client.close();
            } catch (Exception e) {
                e.printStackTrace();
            }
        }

        private String read() throws IOException {
            String in = "";
            StringBuffer buffer = new StringBuffer();
            while (!(in = this.reader.readLine()).trim().equals("")) {
                buffer.append(in + "\n");
            }
            buffer.append(in + "\n");
            System.out.println(buffer.toString());
            return buffer.toString();
        }

        private String read2() throws IOException {
            String in = "";
            StringBuffer buffer = new StringBuffer();
            while (!(in = this.reader2.readLine()).trim().equals("")) {
                buffer.append(in + "\n");
            }
            System.out.println(buffer.toString());
            return buffer.toString();
        }
    }
    Edited by: Tareq85 on Jun 20, 2008 5:22 PM

  • ACE loadbalancing : cannot get to the same farm with http / ssl ?

    Hello there,
    I configured 2 farms, and one call on a specific host address is redirected to farm 2.
    This is working, but only for HTTP traffic : for HTTPS, it's redirected to farm 1 !
    I need help, if someone can help...
    I post my configuration here :
    probe tcp PROBE_TCP
      interval 30
    rserver host MTP01
      ip address 172.16.0.1
      inservice
    rserver host MTP02
      ip address 172.16.0.2
      inservice
    rserver host MTP03
      ip address 172.16.0.3
      inservice
    serverfarm host FARM01
      predictor leastconns
      probe PROBE_TCP
      rserver MTP01
        inservice
      rserver MTP02
        inservice
    serverfarm host FARM02
      predictor leastconns
      probe PROBE_TCP
      rserver MTP02
        inservice
      rserver MTP03
        inservice
    parameter-map type http HTTP_PARAMETER_MAP
      persistence-rebalance
    class-map match-all CLASSMAP_L3L4
      2 match virtual-address 178.xx.xx.xx tcp eq www
    class-map type http loadbalance match-all CLASSMAP_L7
      3 match http header Host header-value "theurloftheserver.com"
    class-map match-all L4-HTTPS-IP
      2 match virtual-address 178.xx.xx.xx tcp eq https
    class-map match-all L4-WEB-IP
      2 match virtual-address 178.xx.xx.xx tcp eq www
    policy-map type loadbalance http first-match HTTPS_POLICY
      class CLASSMAP_L7
        serverfarm FARM02
      class class-default
        serverfarm FARM01
        insert-http x-forward header-value "%is"
    policy-map type loadbalance http first-match WEB_L7_POLICY
      class CLASSMAP_L7
        serverfarm FARM02
      class class-default
        serverfarm FARM01
        insert-http x-forward header-value "%is"
    policy-map multi-match WEB-to-vIPs
      class L4-WEB-IP
        loadbalance vip inservice
        loadbalance policy WEB_L7_POLICY
        loadbalance vip icmp-reply active
        nat dynamic 1 vlan 2369
        appl-parameter http advanced-options HTTP_PARAMETER_MAP
      class L4-HTTPS-IP
        loadbalance vip inservice
        loadbalance policy HTTPS_POLICY
        loadbalance vip icmp-reply active
        nat dynamic 1 vlan 2369
        appl-parameter http advanced-options HTTP_PARAMETER_MAP
    What is really weird is that traffic to http (CLASSMAP_L7) is ok, so I don't get it : this should match on HTTPS_POLICY, where am I wrong ?
    Thanks a lot !

    Hi,
    You are not getting match for https since with https header would be encrypted and ACE cannot read the URL and defaults to Farm01. HTTPS is encrypted HTTP.
    ACE should be able to decrypt the traffic to look into the packet and take decision. SSL termination on ACE is a feature for that. I would recommend going to the SSL guide for more details.
    http://www.cisco.com/en/US/docs/app_ntwk_services/data_center_app_services/ace_appliances/vA3_1_0/configuration/ssl/guide/terminat.html
    Regards,
    Kanwal
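
The behaviour described in the reply above, as an added Python illustration that is not part of the original posts and is not ACE code: a first-match Host-header policy can only act on bytes it can read, so without SSL termination the HTTPS VIP always falls through to class-default. The byte strings are constructed, and the header-value match is simplified here to an exact comparison.

```python
# Added illustration: what a first-match Host-header policy can see on a
# plaintext VIP versus an HTTPS VIP with no SSL termination.

HOST_RULE = "theurloftheserver.com"            # header-value in CLASSMAP_L7
MATCH_FARM, DEFAULT_FARM = "FARM02", "FARM01"  # class CLASSMAP_L7 / class-default


def is_tls_record(data: bytes) -> bool:
    """True if the stream starts with a TLS handshake record header."""
    # content type 0x16 = handshake, followed by protocol major version 0x03
    return len(data) >= 5 and data[0] == 0x16 and data[1] == 0x03


def visible_host(data: bytes):
    """Return the Host header readable in these bytes, or None."""
    if is_tls_record(data):
        return None                      # ciphertext follows; no HTTP headers
    head, sep, _ = data.partition(b"\r\n\r\n")
    if not sep:
        return None                      # header block incomplete
    lines = head.split(b"\r\n")
    request_line = lines[0].split(b" ")
    if len(request_line) != 3 or not request_line[2].startswith(b"HTTP/"):
        return None                      # not an HTTP request line
    for line in lines[1:]:
        name, colon, value = line.partition(b":")
        if colon and name.strip().lower() == b"host":
            host = value.strip().decode("ascii", "replace").lower()
            name_part, _, port = host.rpartition(":")
            # drop an explicit ":port" suffix before comparing
            return name_part if name_part and port.isdigit() else host
    return None


def select_farm(data: bytes):
    """Mimic the first-match policy and return (farm, reason)."""
    host = visible_host(data)
    if host is None:
        reason = "tls-record" if is_tls_record(data) else "no-host-header"
        return DEFAULT_FARM, reason
    if host == HOST_RULE:
        return MATCH_FARM, "host-match"
    return DEFAULT_FARM, "host-mismatch"


# Constructed inputs (not captures).
PLAIN_REQUEST = (b"GET / HTTP/1.1\r\nHost: theurloftheserver.com\r\n"
                 b"Connection: close\r\n\r\n")
OTHER_REQUEST = b"GET / HTTP/1.1\r\nHost: other.example\r\n\r\n"
# First bytes of a TLS connection: record header (handshake, version 3.1,
# length 5) followed by a truncated ClientHello stub.
TLS_FIRST_BYTES = bytes.fromhex("16030100050100000100")

if __name__ == "__main__":
    cases = [("http, matching Host", PLAIN_REQUEST),
             ("http, other Host", OTHER_REQUEST),
             ("https, no termination", TLS_FIRST_BYTES),
             # after SSL termination the device reads the decrypted request
             ("https, after SSL termination", PLAIN_REQUEST)]
    for label, data in cases:
        print(label, "->", select_farm(data))
```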

  • Can a WLC redirect HTTPS traffic in a CWA environment

    Hi Guys.
    Regarding ISE, CWA and WLC, I'm seeing that when you connect to the SSID and open your browser, if the URL is an HTTPS URL the traffic is not redirected to the ISE Portal using CWA. I thought that the WebAuth Proxy Redirection Port option of the WLC only works when it has the portal (LWA) but not in CWA.
    I only found information about the redirection of the traffic when it is an HTTP connection (port 80).
    Is it possible to redirect HTTPS traffic in a CWA deployment? Most of my users use Google Chrome and, in some scenarios, any search using Google is in HTTPS mode and the captive portal is not shown.
    Thanks.
    Best regards.

    No, the WLC is not able to redirect HTTPS pages.
    You can, however, add other ports (other than 80) that can be redirected in case of proxy etc.
    HTH,
    Steve
    Please remember to rate useful posts, and mark questions as answered

  • QoS value for http traffic from IP Phone

    Since the phone marks all voice with COS 5 and data traffic with COS 0. Does this also include traffic sourced from the IP Phone http? request when doing Directory Lookups, IP Phone Services.
    Thanks!

    With 4.1 and up (not sure if 4.0 had this), this traffic is marked with TOS 3 or DSCP CS3 (24). You can modify this enterprise parameter to what ever you want.
    DSCP for SCCP Phone-based Services :
    This parameter specifies the Differentiated Service Code Point (DSCP) IP classification for IP phone services on SCCP-based phones, including any HTTP traffic. Note: You must restart SCCP-based phones for this parameter change to take effect.
    This is a required field.
    Default: default DSCP (000000).
    Restart SCCP-based phones for the parameter change to take effect.
    HTH
    Sankar
    PS: please remember to rate posts!

  • Intercepting all http traffic and forwarding to VIP on CSM?

    We would like to intercept all http traffic from clients from all vlans and redirect them to a VIP on the CSM for loadbalancing to 2 proxy servers. Is this possible? I can't seem to find a solution similar to our issue? Please help thanks!

    Thx Giles! Do you mean a policy that uses route-maps with next-hop? So would I point the next-hop address to the CSM client vlan IP? Do you have a support link that covers this in detail? Thx!

  • Experimented: iPS with latest update "conflicts" with Intel Mac mini

    Hello everyone.
    Please see my earlier post first as "background story":
    http://discussions.apple.com/thread.jspa?threadID=602573
    So I have 2 1Gb iPod Shuffles, one mine, one my sister's. My sister's, the 1st time I plugged into her new Intel Mac mini, it asked for an iPod Update, I clicked "Yes" and proceeded with the update.
    After that, I set the iPS with Disk Mode, it appears on the Desktop, when I launched or inside iTunes, once I hit the "Autofill" button, the shuffle unmount and disappear from the desktop immediately, leaving behind a 'warning message' with red exclamation mark, the same when you pull out a thumb drive or turn off an external drive, without unmounting them first.
    My own shuffle, I did not apply the latest iPod Updater
    When I bring the 2 iPS to my own iMac G5, both with same settings (Disk Mode etc) mounts perfectly on the Desktop, inside iTunes, I can 'Autofill' BOTH shuffles.
    When I plug my non-updated shuffle into my sis's Intel Mac mini, it mounts nicely, and when hit with Autofill, it does so nicely without "self-unmounting" at all.
    So in the end? I swap my shuffle with my sis, and make sure she never ever update the shuffle, at least for the time being.
    So what does this show?? That the iPod shuffle with the latest update may have a conflict of instability with Intel-based Macs??
    Thanks and cheers

    Hi Howwow,
    To add a detail: my updated Shuffle works like a charm on my old iBook and not on my new Intel MacBook. So I am convinced it is in the Shuffle/Intel combination. I did try undoing the update on the shuffle (reverting back to 2005-11-17), but that made no difference on my Intel MacBook.
    Regards

  • WSA blocking HTTPS traffic -allowing HTTP

    We have two S170 WSA appliances configured as Guest Wi-Fi Internet proxy servers.  The local network design is as follows:
    WLC5508 (Foreign)     >>     WLC5508 (Anchor)     >>     ACE20 Context     >>     WSA 170     >>     FWSM     >>     Internet
    Guest traffic is authenticated via WCS using RADIUS but is disabled for now.
    Clients associate to SSID, receive IP address via local DHCP scope on anchor WLC and forward all traffic to DFWG which is ACE20 interface.
    ACE20 has specific class-maps for public DNS use and loadbalance policy-map which forwards all other traffic (excluding DNS) to WSA.
    HTTP traffic works fine, HTTPS traffic fails.  The HTTPS proxy service uses a local self-signed certificate for initial decryption of the session. The browser and WSA negotiates to use TLSv1 then the error below is shown.
    Fails
    57666018.658 32 192.168.244.1 NONE_SSL/200 0 TCP_CONNECT 10.153.9.6:443 - NONE/- - OTHER-NONE-NONE-NONE-NONE-NONE-NONE <-,-,-,"-",-,-,-,-,"-",-,-,-,"-",-,-,"-","-",-,-,-,-,"-","-","-","-","-","-",0.00,0,-,"-","-"> - s-ip= 255.255.255.255 s-port= 443 webcat-code= - cs-version= 0 cs-auth-group= - c-port= 54930 cs-bytes= 0 wbrs-score= - wbrs-threat-reason= - wbrs-threat-type= - cs-user-agent= - cs-referer= - cs-cookie= -
    1357666018.760 32 192.168.244.1 NONE_SSL/200 0 TCP_CONNECT 10.153.9.6:443 - NONE/- - OTHER-NONE-NONE-NONE-NONE-NONE-NONE <-,-,-,"-",-,-,-,-,"-",-,-,-,"-",-,-,"-","-",-,-,-,-,"-","-","-","-","-","-",0.00,0,-,"-","-"> - s-ip= 255.255.255.255 s-port= 443 webcat-code= - cs-version= 0 cs-auth-group= - c-port= 54931 cs-bytes= 0 wbrs-score= - wbrs-threat-reason= - wbrs-threat-type= - cs-user-agent= - cs-referer= - cs-cookie= -
    1357666018.799 0 192.168.244.1 TCP_DENIED_SSL/403 0 GET https://post.packetconsulting.com:443/owa - NONE/- - BLOCK_ADMIN-HTTPS-NonLocalDestination-NONE-NONE-NONE-NONE-NONE-NONE <-,-,-,"-",-,-,-,-,"-",-,-,-,"-",-,-,"-","-",-,-,-,-,"-","-","-","-","-","-",0.00,0,-,"-","-"> - s-ip= 255.255.255.255 s-port= 443 webcat-code= - cs-version= 1 cs-auth-group= - c-port= 54931 cs-bytes= 598 wbrs-score= - wbrs-threat-reason= - wbrs-threat-type= - cs-user-agent= "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; GTB7.4; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET CLR 1.1.4322; InfoPath.2; Tablet PC 2.0; MS-RTC LM 8)" cs-referer= - cs-cookie= -
    I have seen this error posted before but no resolution.  I'm sure this is a config problem, but cannot figure why or where!
    Any ideas, thoughts or help would be great...
    Cheers

    Hi axa,
    This is an access policy blocking the SSL traffic based on the TCP_DENIED_SSL / 403. Also I would suspect that you do not have HTTPS proxy enabled, which would be required since you're not using port 80 for 443 traffic. I would recommend opening a ticket with the WSA Content Security Team.
    Sincerely,
    Erik Kaiser
    WSA CSE
    WSA Cisco Forums Moderator
    Message was edited by: Erik Kaiser
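
An added Python example (not from the original thread) that pulls the fields the reply relies on, the result code and the decision tag, out of access log lines like those posted above, and groups entries by client IP and c-port. The field names are labels chosen for this example, and the sample lines are shortened from the posted ones (scanning-verdict block collapsed, most trailing fields dropped).

```python
import re
from collections import defaultdict

# Leading whitespace-separated fields of the access log lines in the post.
# Field names are labels chosen for this example.
LINE_RE = re.compile(
    r"^(?P<ts>\d+\.\d+)\s+(?P<elapsed>\d+)\s+(?P<client>\S+)\s+"
    r"(?P<result>[A-Z_]+)/(?P<status>\d{3})\s+(?P<size>\d+)\s+"
    r"(?P<method>\S+)\s+(?P<url>\S+)\s+(?P<user>\S+)\s+"
    r"(?P<hierarchy>\S+)\s+(?P<mime>\S+)\s+(?P<tag>\S+)"
)
# The posted lines write custom fields as "name= value", with a space.
CPORT_RE = re.compile(r"\bc-port=\s*(\d+)")


def parse_line(line: str):
    """Return a dict for one access log line, or None if it does not parse."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    entry = m.groupdict()
    entry["status"] = int(entry["status"])
    # First token of the decision tag, e.g. BLOCK_ADMIN or OTHER.
    entry["action"] = entry["tag"].split("-", 1)[0]
    cport = CPORT_RE.search(line)
    entry["c_port"] = int(cport.group(1)) if cport else None
    return entry


def is_denied(entry: dict) -> bool:
    """A transaction the proxy refused, judged by result code or decision tag."""
    return entry["result"].startswith("TCP_DENIED") or entry["action"].startswith("BLOCK")


def analyse(log_text: str):
    """Return (denied entries, result codes per (client, c_port) in log order)."""
    denied, flows = [], defaultdict(list)
    for line in log_text.splitlines():
        entry = parse_line(line)
        if entry is None:
            continue                      # skip blank or foreign lines
        key = (entry["client"], entry["c_port"])
        flows[key].append(f'{entry["result"]}/{entry["status"]}')
        if is_denied(entry):
            denied.append(entry)
    return denied, dict(flows)


# Shortened from the lines posted above; the last line is a constructed
# non-matching line to show that unparseable input is skipped.
SAMPLE_LOG = """\
1357666018.760 32 192.168.244.1 NONE_SSL/200 0 TCP_CONNECT 10.153.9.6:443 - NONE/- - OTHER-NONE-NONE-NONE-NONE-NONE-NONE <-> - c-port= 54931 cs-bytes= 0
1357666018.799 0 192.168.244.1 TCP_DENIED_SSL/403 0 GET https://post.packetconsulting.com:443/owa - NONE/- - BLOCK_ADMIN-HTTPS-NonLocalDestination-NONE-NONE-NONE-NONE-NONE-NONE <-> - c-port= 54931 cs-bytes= 598
this line is not an access log entry
"""

if __name__ == "__main__":
    denied, flows = analyse(SAMPLE_LOG)
    for e in denied:
        print(e["ts"], e["client"], e["method"], e["url"],
              f'{e["result"]}/{e["status"]}', e["tag"])
    for key, results in flows.items():
        print(key, "->", " , ".join(results))
```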

  • Kerberos encryption for HTTP traffic

    Hello
    I am writing a client for the WinRM service (Windows Vista). This service uses the SOAP protocol for communication.
    And I cannot make a subscription for Windows events using the Push method.
    The issue is that when I try to make an events subscription, Vista tries to test the connection with my server, but I don't know what I should send back for the test connection request to Vista WinRM... :(
    I didn't find it in MSDN.
    Subscription request is:
    <?xml version="1.0" encoding="UTF-8"?>
    <env:Envelope xmlns:a="http://schemas.xmlsoap.org/ws/2004/08/addressing" xmlns:e="http://schemas.xmlsoap.org/ws/2004/08/eventing" xmlns:env="http://www.w3.org/2003/05/soap-envelope" xmlns:ew="http://www.example.com/warnings'" xmlns:n="http://schemas.xmlsoap.org/ws/2004/09/enumeration" xmlns:s="http://www.w3.org/2003/05/soap-envelope" xmlns:w="http://schemas.dmtf.org/wbem/wsman/1/wsman.xsd" xmlns:x="http://www.w3.org/2001/XMLSchema">
    <env:Header>
    <a:To s:mustUnderstand="true">HTTP://winrmcient:80/wsman/</a:To>
    <w:ResourceURI>http://schemas.microsoft.com/wbem/wsman/1/windows/EventLog</w:ResourceURI>
    <a:Action s:mustUnderstand="true">http://schemas.xmlsoap.org/ws/2004/08/eventing/Subscribe</a:Action>
    <a:MessageID s:mustUnderstand="true">uuid:a4b86ede-32d0-4a28-91f5-bc8f36bfca22</a:MessageID>
    <a:ReplyTo>
    <a:Address s:mustUnderstand="true">http://schemas.xmlsoap.org/ws/2004/08/addressing/role/anonymous</a:Address>
    </a:ReplyTo>
    <w:MaxEnvelopeSize>262144</w:MaxEnvelopeSize>
    <w:Locale xml:lang="en-US"/>
    <w:OperationTimeout>PT5M0.000S</w:OperationTimeout>
    <w:OptionSet>
    <w:Option Name="ReadExistingEvents" mustComply="false"/>
    <w:Option Name="ContentFormat">RenderedText</w:Option>
    </w:OptionSet>
    </env:Header>
    <env:Body>
    <e:Subscribe>
    <e:Delivery e:Mode="http://schemas.xmlsoap.org/ws/2004/08/eventing/DeliveryModes/Push">
    <e:NotifyTo>
    <a:Address>http://Antares:443</a:Address>
    </e:NotifyTo>
    </e:Delivery>
    <e:Expires>PT12H0M0.000S</e:Expires>
    <w:Filter>
    <QueryList>
    <Query Path="Security">
    <Select>*</Select>
    </Query>
    <Query Path="System">
    <Select>*</Select>
    </Query>
    <Query Path="Application">
    <Select>*</Select>
    </Query>
    </QueryList>
    </w:Filter>
    <w:SendBookmarks/>
    </e:Subscribe>
    </env:Body>
    </env:Envelope>
    WinRM connection test request is request with empty content length and with header:
    Host=[Antares:443], Content-type=[application/soap+xml;charset=UTF-16], Content-length=[0], Connection=[Keep-Alive], Authorization=[Kerberos <token omitted>], User-agent=[Microsoft WinRM Client]
    I tried to send empty response(with the same test request header) for test request but it doesn't take any effect.
    WinRM subscription response is:
    <?xml version="1.0" encoding="UTF-8"?>
    <s:Envelope xmlns:a="http://schemas.xmlsoap.org/ws/2004/08/addressing" xmlns:e="http://schemas.xmlsoap.org/ws/2004/08/eventing" xmlns:n="http://schemas.xmlsoap.org/ws/2004/09/enumeration" xmlns:s="http://www.w3.org/2003/05/soap-envelope" xmlns:w="http://schemas.dmtf.org/wbem/wsman/1/wsman.xsd" xmlns:x="http://schemas.xmlsoap.org/ws/2004/09/transfer" xml:lang="en-US">
    <s:Header>
    <a:Action>http://schemas.xmlsoap.org/ws/2004/08/eventing/fault</a:Action>
    <a:MessageID>uuid:B83898C7-9F93-4E7A-8C8C-B72C7D189908</a:MessageID>
    <a:To>http://schemas.xmlsoap.org/ws/2004/08/addressing/role/anonymous</a:To>
    <a:RelatesTo>uuid:a4b86ede-32d0-4a28-91f5-bc8f36bfca22</a:RelatesTo>
    </s:Header>
    <s:Body>
    <s:Fault>
    <env:Code xmlns:env="http://www.w3.org/2003/05/soap-envelope">
    <s:Value>s:Sender</s:Value>
    <s:Subcode>
    <s:Value>e:EventSourceUnableToProcess</s:Value>
    </s:Subcode>
    </env:Code>
    <env:Reason xmlns:env="http://www.w3.org/2003/05/soap-envelope">
    <s:Text xml:lang="en-US">The connectivity test from the push subscription source to the client failed. This can happen if the client machine initiating the push subscription is unreachable from the server machine where the event source is located. Possible reasons include firewall or some other network boundary. Modify subscription to use Pull based subscription. </s:Text>
    </env:Reason>
    <s:Detail>
    <w:FaultDetail>http://schemas.dmtf.org/wbem/wsman/1/wsman/faultDetail/UnusableAddress</w:FaultDetail>
    <f:WSManFault xmlns:f="http://schemas.microsoft.com/wbem/wsman/1/wsmanfault" Code="2150858901" Machine="">
    <f:Message>The connectivity test from the push subscription source to the client failed. This can happen if the client machine initiating the push subscription is unreachable from the server machine where the event source is located. Possible reasons include firewall or some other network boundary. Modify subscription to use Pull based subscription. </f:Message>
    </f:WSManFault>
    </s:Detail>
    </s:Fault>
    </s:Body>
    </s:Envelope>
    In WinRM documentation I see:
    Note: HTTP traffic by default only allows messages encrypted with the Negotiate or Kerberos SSP.
    But I use a simple Java HttpConnection and there are no references to Kerberos in the JavaDoc for this class... :(
    One more - I use BASIC authentication.
    Does anybody know what should I send back for connection test request.

    Sorry, I forgot to set "java.security.krb5.conf" and "java.security.auth.login.config" properties.
    But after I set these properties I've got another exception:
    GSSException: No valid credentials provided (Mechanism level: Attempt to obtain new ACCEPT credentials failed!)
         at sun.security.jgss.krb5.Krb5AcceptCredential.getInstance(Krb5AcceptCredential.java:87)
         at sun.security.jgss.krb5.Krb5MechFactory.getCredentialElement(Krb5MechFactory.java:111)
         at sun.security.jgss.GSSManagerImpl.getCredentialElement(GSSManagerImpl.java:178)
         at sun.security.jgss.spnego.SpNegoMechFactory.getCredentialElement(SpNegoMechFactory.java:109)
         at sun.security.jgss.GSSManagerImpl.getCredentialElement(GSSManagerImpl.java:178)
         at sun.security.jgss.GSSCredentialImpl.add(GSSCredentialImpl.java:384)
         at sun.security.jgss.GSSCredentialImpl.<init>(GSSCredentialImpl.java:42)
         at sun.security.jgss.GSSManagerImpl.createCredential(GSSManagerImpl.java:139)
         at com.symantec.cas.ucf.sensors.ws_management.WSServer.start(WSServer.java:132)
    Caused by: javax.security.auth.login.LoginException: No LoginModules configured for
         at javax.security.auth.login.LoginContext.init(LoginContext.java:256)
         at javax.security.auth.login.LoginContext.<init>(LoginContext.java:499)
         at sun.security.jgss.GSSUtil.login(GSSUtil.java:244)
         at sun.security.jgss.krb5.Krb5Util.getKeys(Krb5Util.java:185)
         at sun.security.jgss.krb5.Krb5AcceptCredential$1.run(Krb5AcceptCredential.java:82)
         at java.security.AccessController.doPrivileged(Native Method)
         at sun.security.jgss.krb5.Krb5AcceptCredential.getInstance(Krb5AcceptCredential.java:79)
         ... 28 more
    But it seems to me that I've set login module correctly:
    com.sun.security.jgss.krb5.initiate {
        com.sun.security.auth.module.Krb5LoginModule required doNotPrompt=false useTicketCache=false;
    };
    Maybe I missed something...
    What do you think about it?

  • Ironport not forwarding HTTPS traffic

    We have recently been trying to setup a BYOD wireless network and the wireless Clients that join this network have their traffic routed directly to an Ironport S370 (Ver7.1.4-053) as we do not want the BYOD users to have to configure their proxy settings.
    We have created an Identity which matches the Subnet given to BYOD devices with no authentication and then an Access Policy for filtering, all this works as long as the traffic is HTTP, as soon as you try to access anything using HTTPS then the Ironport seems to drop the traffic as it never hits the firewall and the page cannot be displayed.
    Any domained clients which have the Ironport address as their proxy work fine.
    The Ironport is not set to bypass any addresses in bypass settings.
    I am sure there must be a simple answer as to why HTTPS traffic is not being forwarded, and any pointers as to why this is would be greatly appreciated.
    Many thanks,
    Neil.

    Hi Igor and Neil,
    As per AsyncOS 7.5 documentation, HTTPS proxy needs to be enabled to process HTTPS traffic in transparent mode.
    following is the extract from the doco.
    " When the Web Proxy is configured in transparent mode, you must enable the HTTPS Proxy if the appliance receives HTTPS traffic. When the HTTPS Proxy is disabled, the Web Proxy passes through explicit HTTPS connections and it drops transparently redirected HTTPS requests. The access logs contain the CONNECT requests for explicit HTTPS connections, but no entries exist for dropped transparently redirected HTTPS requests "
    If you do not want to decrypt HTTPS traffic, you can enable HTTPS proxy in pass-through mode.
    Thanks,
    Wipula.

  • Exchange 2003 sending out high https traffic to Blackberry servers

    We have 10-15 Blackberry users setup with BIS, using OWA to send/receive work emails.
    I see large amounts of https traffic being sent out from the Exchange server to Blackberry servers, (35-40 GB during the past month), these 10-15 users would not receive that much email or send that much in a month
    Are there any known issues or workarounds for this type of issue?

