osloboy
asked on
Permit Proxy to Proxy Traffic
Hi expert friends,
I am using Cisco IPS Manager Express 7.
How can we manually enable/permit traffic between a specific internal proxy address and an external proxy address?
My IPS is blocking the external ISP's proxy servers.
It is showing my internal proxy server IP address as the attacker and the external ISP's proxy server IP address as the victim.
Please give me some idea of how to deal with it.
If the ISP is blocking your proxy at the ISP's proxy, then call the ISP and talk to them about it. There is not a thing in the world you can do about it yourself.
I think the issue the user is dealing with is that their own IPS (not ISP) manager applies the rules to the traffic from their internal proxy to the external proxy.
ASKER
arnold is right.
My guess is that either the proxy server has malicious code, a botnet, etc.
But I am asking whether any of the experts have dealt with it before.
Can I / how can I get some help from Cisco itself?
I thought IPS was a misspelled ISP.
I have not used the IPS. What options do you have in the interface?
ASKER
arnold: how do I set up your proposed rule "IP_of_internal_proxy to ip_of_external_proxy port 1234" in Cisco IPS Manager Express or on the CLI?
I do not have an IPS manager. What options do you have available?
Are you able to access IPS manager via a browser interface?
Do you manage it via an SSH/telnet session (Command Line Interface)?
Is this what you see when you access it?
http://www.cisco.com/en/US/docs/security/security_management/cisco_security_manager/ips_manager/3.0/user/guide/ch02.html
Target value rating might be what you are looking for
http://www.cisco.com/en/US/docs/security/security_management/cisco_security_manager/ips_manager/3.0/user/guide/ch05.html#wp736179
Under TOC blocking there is a subcategory "never block addresses"; this might be where you need to add your internal proxy IP so it is never blocked.
ASKER
Thanks, but the links seem to be old.
What I did is create an "Event Action Filter" and subtract the proxy IP addresses out of it. Is that OK?
ASKER CERTIFIED SOLUTION
ASKER
fare
What proxy app are you running on the inside?
Do you have a rule exempting your internal proxy from the filtering rules?
My guess is that you do not, and the IPS, based on its thresholds, sees a large number of requests originating from the internal proxy to a single destination.
Limit the rule to only the specific ports, i.e. if the remote proxy is on port 1234,
then you would set up a rule to allow from IP_of_internal_proxy to ip_of_external_proxy port 1234.
This way your IPS will still capture events should something else originate from the proxy server, i.e. if it gets/processes a directive to do something else.
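A model of what the event action filter discussed in this thread does, added here as an example (it is not from the thread or from Cisco): a filter matches on attacker address, victim address and victim port, and subtracts actions from matching alerts while the alert itself still fires. The addresses, signature ids and port 1234 are constructed; it contrasts a broad proxy-to-proxy exemption with the port-scoped one suggested above.

```python
import ipaddress
from dataclasses import dataclass

# Constructed values for the illustration (hypothetical, not from the thread).
INTERNAL_PROXY = "10.0.0.5"
ISP_PROXY = "203.0.113.10"
DENY_ACTIONS = frozenset({"deny-attacker-inline", "deny-connection-inline",
                          "request-block-host"})

@dataclass(frozen=True)
class Alert:
    sig_id: int
    attacker: str
    victim: str
    victim_port: int
    actions: frozenset  # actions the signature would take before filtering

@dataclass(frozen=True)
class EventActionFilter:
    """Model of an event action filter: when every criterion matches, the listed
    actions are subtracted; the alert still fires and stays visible in the viewer."""
    attacker_net: str
    victim_net: str
    victim_ports: tuple  # inclusive (low, high), like the IPS port-range fields
    actions_to_remove: frozenset

    def matches(self, a: Alert) -> bool:
        lo, hi = self.victim_ports
        return (ipaddress.ip_address(a.attacker) in ipaddress.ip_network(self.attacker_net)
                and ipaddress.ip_address(a.victim) in ipaddress.ip_network(self.victim_net)
                and lo <= a.victim_port <= hi)

def remaining_actions(alert: Alert, filters) -> frozenset:
    """Actions left on the alert after each matching filter subtracts its set."""
    left = set(alert.actions)
    for f in filters:
        if f.matches(alert):
            left -= f.actions_to_remove
    return frozenset(left)

def still_denied(alert: Alert, filt: EventActionFilter) -> bool:
    """True if the IPS would still block this traffic with the given filter in place."""
    return bool(remaining_actions(alert, [filt]) & DENY_ACTIONS)

# Broad exemption (any port between the two proxies) versus the port-scoped one.
BROAD = EventActionFilter(INTERNAL_PROXY, ISP_PROXY, (0, 65535), DENY_ACTIONS)
NARROW = EventActionFilter(INTERNAL_PROXY, ISP_PROXY, (1234, 1234), DENY_ACTIONS)
# Constructed alerts: expected proxy-to-proxy traffic, and something else from the proxy host.
PROXY_ALERT = Alert(5000, INTERNAL_PROXY, ISP_PROXY, 1234, DENY_ACTIONS | {"produce-alert"})
ODD_ALERT = Alert(3030, INTERNAL_PROXY, ISP_PROXY, 445, DENY_ACTIONS | {"produce-alert"})
```

With the narrow filter the port-1234 alert loses its deny actions but the port-445 alert from the same host keeps them, which is the behaviour the answer above is after; the broad filter exempts both.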