HTTPS connections are not redirected by Gateway Enforcer

Article:TECH154169  |  Created: 2011-02-24  |  Updated: 2012-07-21  |  Article URL http://www.symantec.com/docs/TECH154169
Article Type
Technical Solution



Issue



Customer reported that when a client does not have the SNAC agent installed, the client is not automatically redirected to the ODC download page when a proxy server is set in the client's Internet Explorer settings. After removing the proxy settings in IE, redirection to the ODC download page works when trying to access the internet.


Error



The client sends a <SYN> packet to the proxy server several times but gets no response from the proxy server, and the connection then times out.


Environment



Symantec Endpoint Protection Manager with Symantec Network Access Control version RU5

Gateway Enforcer RU5 with On-Demand Client feature enabled.


Cause



When ODC is enabled on the Gateway Enforcer and a client sends an HTTP GET request, the Enforcer generates a response with HTTP code 302, telling the client that the object has been moved to the Enforcer's internal IP.

If a proxy is enabled on the client, when it receives the 302 code it generates a new URL request to the Enforcer's IP, but it sends this request to the proxy's IP instead of the Enforcer's IP. This triggers the Enforcer to return 302 again.

The Enforcer listens on port 80 ONLY for HTTP traffic.


Solution



There is a workaround. Follow these steps on the client machine, assuming IE is used:
1. Open IE
2. Menu Tools -> Internet Options -> Tab "Connections"
3. Click button "LAN settings"
4. Make sure the proxy server's port is 80; other ports are not supported
5. Click button "Advanced"
6. Add the Enforcer's internal IP in "Exceptions"
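
The following is an added example, not Symantec code, that models the redirect behaviour described under Cause and shows why the workaround ends the loop. The Enforcer logic is a simplification of this article's description; the IP addresses, the proxy port 8080 case and the redirect limit are constructed assumptions.

```python
# Simplified model (assumption): the Enforcer answers only TCP port 80 and is
# unaware of proxies. All addresses below are constructed sample values.
from urllib.parse import urlsplit

ENFORCER_IP = "10.0.0.1"   # constructed Enforcer internal IP
MAX_REDIRECTS = 5          # client gives up after this many 302 responses


def connect_target(url, proxy, exceptions):
    """Return the (host, port) the client opens a TCP connection to."""
    parts = urlsplit(url)
    if proxy and parts.hostname not in exceptions:
        return proxy       # request is sent to the proxy, not to the URL's host
    return (parts.hostname, parts.port or 80)


def enforcer(dst):
    """Enforcer's reaction to a connection from a client without the agent."""
    host, port = dst
    if port != 80:
        return "timeout"   # not port 80: the SYN is never answered
    if host == ENFORCER_IP:
        return "odc_page"  # client connected to the Enforcer itself
    return "302"           # any other destination: redirect to the Enforcer


def browse(url, proxy=None, exceptions=()):
    """Follow redirects; return (outcome, list of connection targets)."""
    trace = []
    for _ in range(MAX_REDIRECTS):
        dst = connect_target(url, proxy, exceptions)
        trace.append(dst)
        outcome = enforcer(dst)
        if outcome != "302":
            return outcome, trace
        url = f"http://{ENFORCER_IP}/"   # Location of the 302 response
    return "redirect_loop", trace


if __name__ == "__main__":
    site, px = "http://www.example.com/", "10.0.0.50"   # constructed values
    print("no proxy       ", browse(site)[0])
    print("proxy :8080    ", browse(site, proxy=(px, 8080))[0])
    print("proxy :80      ", browse(site, proxy=(px, 80))[0])
    print("proxy :80 + exc", browse(site, (px, 80), (ENFORCER_IP,))[0])
```
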



