Permit Proxy to Proxy Traffic

Hi expert friends,
I am using Cisco IPS Manager Express 7.

How can we manually enable/permit traffic between a specific internal proxy address and an external proxy address?

My IPS is blocking the external ISP's proxy servers.

It's showing my internal proxy server IP address as attacker and the external ISP's proxy server IP address as victim.

Please give some idea of how to deal with it.
osloboy Asked:

arnold Commented:
Usually your proxy should be allowed access to the outside.
What proxy app are you running on the inside?

Do you have a rule exempting your internal proxy from filtering rules?

My guess is that you do not, and the IPS, based on the thresholds, sees a large number of requests originating from the internal proxy to a single destination.

Limit the rule to only the specific ports, i.e. if the remote proxy is on port 1234, then you would set up a rule to allow from IP_of_internal_proxy to ip_of_external_proxy port 1234.

This way your IPS will capture events should something else originate from the proxy server, i.e. it gets/processes a directive to do something else.
0
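The scoping advice in the comment above, as an added example that is not part of the original thread: a simplified Python model (not Cisco IPS configuration) comparing an exemption limited to proxy-to-proxy traffic on one port with one that exempts everything the internal proxy sends. The addresses, action names and class names are constructed assumptions.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

# Constructed values: documentation-range addresses; 1234 is the thread's example port.
INTERNAL_PROXY, EXTERNAL_PROXY, PROXY_PORT = "192.0.2.10", "198.51.100.20", 1234
DENY = frozenset({"deny-packet", "block-host"})  # hypothetical action names

@dataclass(frozen=True)
class Alert:
    attacker: str
    victim: str
    victim_port: int
    actions: frozenset

@dataclass(frozen=True)
class ActionFilter:
    attacker_net: str
    victim_net: str = "0.0.0.0/0"       # default: any victim
    ports: range = range(0, 65536)      # default: any port
    remove: frozenset = DENY            # actions stripped on a match

    def matches(self, a: Alert) -> bool:
        return (ip_address(a.attacker) in ip_network(self.attacker_net)
                and ip_address(a.victim) in ip_network(self.victim_net)
                and a.victim_port in self.ports)

def remaining_actions(alert, filters):
    """Actions left after the first matching filter removes its set."""
    for f in filters:
        if f.matches(alert):
            return alert.actions - f.remove
    return alert.actions

# Exemption scoped as suggested: internal proxy -> external proxy, one port.
SCOPED = ActionFilter(f"{INTERNAL_PROXY}/32", f"{EXTERNAL_PROXY}/32",
                      range(PROXY_PORT, PROXY_PORT + 1))
# Over-broad alternative: anything the internal proxy sends is exempt.
BROAD = ActionFilter(f"{INTERNAL_PROXY}/32")

FIRED = frozenset({"produce-alert", "deny-packet"})
proxy_to_proxy = Alert(INTERNAL_PROXY, EXTERNAL_PROXY, PROXY_PORT, FIRED)
proxy_to_other = Alert(INTERNAL_PROXY, "203.0.113.5", 6667, FIRED)

if __name__ == "__main__":
    for name, flt in (("scoped", SCOPED), ("broad", BROAD)):
        for alert in (proxy_to_proxy, proxy_to_other):
            print(name, alert.victim, alert.victim_port,
                  sorted(remaining_actions(alert, [flt])))
```

With the scoped filter the deny action still applies when the proxy contacts any other host or port; the broad filter strips it everywhere, which hides a compromised proxy.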
pwindell Commented:
If the ISP is blocking your proxy at the ISP's proxy, then call the ISP and talk to them about it. There is not a thing in the world you can do about it yourself.

0
arnold Commented:
I think the issue the user is dealing with is that their own IPS (not ISP) manager applies the rules to the traffic from their internal proxy to the external proxy.
0
osloboy Author Commented:
arnold is right.

My guess: either the proxy server has malicious code, a botnet, etc.

But I am asking whether any expert has dealt with this before.

Can I / how can I get some help from Cisco itself?
0
pwindell Commented:
I thought IPS was a misspelled ISP.
0
arnold Commented:
I have not used the IPS. What options do you have in the interface?
0
osloboy Author Commented:
arnold: how do I set up your proposed rule

"IP_of_internal_proxy to ip_of_external_proxy port 1234" in Cisco IPS Manager Express or on the CLI?
0
arnold Commented:
I do not have an IPS manager. What options do you have available?

Are you able to access IPS manager via a browser interface?
Do you manage it via an SSH/telnet session (Command Line Interface)?

Is this what you see when you access it?
http://www.cisco.com/en/US/docs/security/security_management/cisco_security_manager/ips_manager/3.0/user/guide/ch02.html

Target value rating might be what you are looking for:
http://www.cisco.com/en/US/docs/security/security_management/cisco_security_manager/ips_manager/3.0/user/guide/ch05.html#wp736179

Under TOC blocking there is a subcategory, never block addresses; this might be where you need to add your internal proxy IP so it is never blocked.
0
osloboy Author Commented:
Thanks, but the links seem to be old.

What I did is create an "Event Action Filter" and subtract the proxy IP addresses out of it. Is it OK?
0
arnold Commented:
I do not know. What do you see in the GUI interface into the IPS manager?
Which options in the link that you say is old do not match what you have/see and the options that are available to you?
0

osloboy Author Commented:
fair
0