ProxySG & Advanced Secure Gateway

 View Only

  • 1.  Issue with Java aplets

    Posted Jul 13, 2018 09:35 AM

    Hi guys

    I have a huge problem with sites that requires client certificates and use java aplets to check the certificate and/or confirm it. I can't see any blocked content in trace/main log, Java aplets just doesn't launch. Everything worked fine before we implemented ASG in our firm, it also works when we use another internet connection. I've checked AV settings to be sure theres no java files blocked, I've configured java settings to use our proxy, no positive results. I'll be grateful for any ideas. 

    Cheers



  • 2.  RE: Issue with Java aplets

    Posted Jul 13, 2018 10:14 AM
      |   view attached

    I forgot about screenshot, this is how it looks when it works on another connection without proxy. When we switch to our proxy Java console is just empty. 



  • 3.  RE: Issue with Java aplets

    Posted Jul 16, 2018 12:01 AM

    Hi,

     

                 Will you be able to share a client side packet capture taken with Wireshark when this Java is launched. It is possible that the Java initiation itself is not happening which explains the blank console. Client side pcap should be giving us some clue.
     



  • 4.  RE: Issue with Java aplets

    Posted Jul 18, 2018 03:28 AM

    I've checked the packet capture with our network team, and there's nothing about blocked sites or java. We have found strange alert though, it's about failed credentials, but we don't get it in web browser, we found it in packet capture. I'll attach two files, one is a screenshot with the alert (again, we don't get it in browser), and a piece of pcap. It looks like something is blocking the java launcher itself, everything works fine when we connect mobile modem and not using connection via asg proxy. Thanks.

    Attachment(s)

    zip
    mofnet.zip   1 KB 1 version


  • 5.  RE: Issue with Java aplets

    Posted Jul 18, 2018 04:02 AM

    Hi,

     

                    The alert that you are seeing in PCAP is the proxy's attempt to authenticate the browser or application. This PCAP response is common in that case. Do you have the full PCAP to share ?



  • 6.  RE: Issue with Java aplets

    Posted Jul 18, 2018 04:12 AM
      |   view attached

    Here it is. 

    Attachment(s)

    zip
    wefe2q.zip   2.48 MB 1 version


  • 7.  RE: Issue with Java aplets

    Posted Jul 19, 2018 12:59 AM

    Hi,

     

                   Can you try bypassing authentication and allow the domain by using the below rule in the VPM CPL layer (or local policy file)

    <proxy>
url.doman=mofnet.gov.pl authenticate(no) allow

     

                 I can see that the client is closing most of the SSL sesions just after the handshake and pcap not clear on why.