HTTPS connections is not redirected by gateway enforcer

Article:TECH154169  |  Created: 2011-02-24  |  Updated: 2012-07-21  |  Article URL
Article Type
Technical Solution



Customer reported that when a client does not have the SNAC agent installed the client is not redirected to ODC download page automatically when Proxy server is set in Internet Explorer settings of client.  After remove Proxy settings in IE, redirection to ODC download page is fine when trying to access internet.


Client sends <SYN> packet to Proxy server several times but no response from Proxy server then timed out.


Symantec Endpoint Protection Manager with Symantec Network Access Control version RU5

Gateway Enforcer RU5 with On-Demand Client feature enabled.


When ODC is enabled on GW Enforcer, if there's a HTTP get request from client, Enforcer will generate a response with HTTP code 302, telling client object has been moved to Enforcer's internal IP.

If proxy is enabled on client, when it receives the 302 code, it will generate a new URL request to Enfocer's IP, but it will send this URL to proxy's IP instead of Enforcer's IP. This will trigger Enforcer return 302 again.

Enforcer is listening port 80 ONLY for HTTP traffic


There's an workaround, please follow these steps on client machine, assume IE is used:
1. Open IE
2. Menu Tools -> Internet Options->Tab "Connections"
3. Click button "LAN settings"
4. Make sure proxy server's port is 80, other ports are not supported
5. Click button "Advanced"
6. Add Enforcer's internal IP in "Exceptions"

Article URL

Terms of use for this information are found in Legal Notices