Looking everywhere to this particular problem we have and absolutely no joy.
We have been a happy Celestix Application Server user for almost 3 years (msa2000i) which runs as a proxy with Websense. We have been using it behind a 6 year old Cisco PIX firewall and we have recently upgraded and moved our WAN and it now runs behind a WATCHGUARD firewall solution.
Our problem is that we cannot sign into ebay.co.uk? It's not websense because it's a "page cannot be displayed" error and I'm a power user anyway. You get the main "http://www.ebay.co.uk" page, you even get the "http://my.ebay.co.uk" page where you logon to your account. The fun and games starts when you enter your logon details and it then tries to logon to "https://signin.ebay.co.uk", this always returns a "page cannot be displayed".
We know it is something on the proxy because all our central fileservers have open access via the firewall and they can logon perfectly.
Our Watchguard support think it is something to do with the SSL cert belonging to ebay.com and it's trying to logon to ebay.co.uk? But that might just be clutching at straws ?
Anybody else out there seen this or have any idea what I can do. At the moment I'm contemplating working out all the IPs/subnets to bypass the proxy but I think that is defeating the object somewhat. We use ebay quite heavily to sell truck parts.
< Message edited by st1967 -- 6.Nov.2009 5:07:09 AM >
Is the Watchguard trying to do something "clever" to HTTP traffic coming from ISA?
Thanks both, I don't think the Watchguard is doing anything clever, it just passes http/https through that is all?
However the SSL error has moved me in a new direction and I found this in another post on an old thread
"SSL errors almost always relate to going out 1 way , and coming back another way, hence not completing the handshake. In normal words : you probably have a different default gateway than your proxy server."
Now this is the case because we were originally having the celestix in a DMZ so it has a 10.0.0.x address and gateway, the rest of our network is on 192.168.x.x !!
I will pass this onto my support team and see what they think of it?
I think you've found your problem. The source network is 'external'? Same as the destination?
Oh dear, just removed what I though was causing this on the default web rule and I've stopped it working. I removed All Networks (and local host) from the From/Listener section of my web access only rule.
Can you PM me your phone number and I can call you and run through some things !
Just to close this off for anybody interested. Spoke to Paul at Celestix UK and he kindly connected onto my box to have a look.
It turned out to be a websense issue, in that Websense did not know it was also a proxy server so it was doing strange things with the HTTPS traffic.
Paul took time over several days to give me hand, but it wasn't until he looked remotely that he spotted it right away. I can't praise Paul and Celestix enough, even though my server is a few years old now and out of support he was quite happy to do what he could to fix it.
Many Many Thanks to Paul and Celestix, I've a happy group of users around the UK now.
< Message edited by st1967 -- 12.Nov.2009 11:25:06 AM >