[Last Call] Learn how to a build a cloud-first strategyRegister Now

x
?
Solved

Proxy settings show correct setting but are using a different setting

Posted on 2014-07-17
15
Medium Priority
?
364 Views
Last Modified: 2014-08-03
We have two locations.  Both have a proxy server.  I work one day at one location, and the next at the other location.

When I move between the locations, I set the Internet Settings > connections > Lan > proxy to the correct locations proxy.

Location 1:  proxy.location1.com   resolves to (192.168.100.46)
Location 2:  proxy.location2.com   resolves to (192.168.1.46)

What is happening is that while at Location1, I found that I am actually routing to the Proxy at Location 2.
I have confirmed that my proxy settings is for Location 1.
I have confirmed on my laptop that the proxy.location1.com resolves to the correct ip address (192.168.100.46)

Does anyone know why  it would be using the other proxy setting, but everything shows the correct proxy setting?
0
Comment
Question by:HCSHAW
  • 8
  • 7
15 Comments
 
LVL 27

Expert Comment

by:skullnobrains
ID: 40207333
i assume those setting are in your browser. most likely you did not restart the browser. it is also possible that you have setup an OS-level proxy so your browser actually uses proxy1 but reaches it through proxy2 because of the OS-level setup
0
 

Author Comment

by:HCSHAW
ID: 40209387
The browser was restarted at the time of the issue.   The settings were confirmed as correct.   Yet when tested, it would still go through Proxy2, not 1 as the settings was saying.   You say OS-Level.  How do I check that?
0
 
LVL 27

Expert Comment

by:skullnobrains
ID: 40213831
browser restarted ? unless the browser was killed manually using the task manager you cannot be sure. also note that shutting down a windows 8 machine actually hibernates it so no process are actually killed when you stop+restart it.

how to check for something OS-level ? first tell us which os we are dealing with. i can infer windows + internet explorer given your question but nothing more
0
Threat Trends for MSPs to Watch

See the findings.
Despite its humble beginnings, phishing has come a long way since those first crudely constructed emails. Today, phishing sites can appear and disappear in the length of a coffee break, and it takes more than a little know-how to keep your clients secure.

 

Author Comment

by:HCSHAW
ID: 40214383
Yes, it is windows 7.  Chrome or IE, both have the same issue.
0
 
LVL 27

Expert Comment

by:skullnobrains
ID: 40219391
"Internet Settings > connections > Lan" does not apply to chrome

this means that you either have some acquired proxy settings maybe through wpad or a similar mechanism on the site, or a system wide proxy.

you can check for os-level proxies using "netsh winhttp show proxy" from the command line (and equivalent command if it happens to be some other kind of proxy such as socks proxy)
0
 
LVL 27

Expert Comment

by:skullnobrains
ID: 40219392
btw, how did you determine you were using the wrong proxy ? network sniffer ?
0
 

Author Comment

by:HCSHAW
ID: 40219483
I was opening up a site on location 1 proxy while in that local network.  I could not connect to the site.   My proxy settings pointed to the location 1 proxy.  

I opened up the site on the location 2 proxy and found that I could now access the site.   I was being routed to the other subnet and out their proxy.  

"Internet > connections > lan" do apply to chrome as well.  I control users internet access with a global policy that forces the connections to the local proxy for internet traffic.    Firefox will allow you to bypass the group policy settings but chrome recognizes them.

Netsh ... reports Direct access (no proxy server)   .  However it is set up in Internet settings > Connections > lan.
0
 
LVL 27

Expert Comment

by:skullnobrains
ID: 40221206
your explanation regarding the use of a proxy or another is very unclear to me. "open the site on the location 2 proxy"... the same WEBsite as previously ? open a site on a proxy ?


""Internet > connections > lan" do apply to chrome as well"
yes, i was mistaken

"I control users internet access with a global policy that forces the connections to the local proxy for internet traffic"
can you elaborate ? are we talking about a GPO ? if so, it is very likely that the gpo has a higher priority than whatever you can configure manually. if you're talking about a firewall or router redirection/interception, whatever was setup also won't apply.

"Netsh ... reports Direct access (no proxy server)   .  However it is set up in Internet settings > Connections > lan. "
this is expected behavior. netsh gives information regarding os-level proxy while internet setting is supposed to be application-level
0
 

Author Comment

by:HCSHAW
ID: 40221701
Gpo points users to the proxy.  
They are set to not allow changing the proxy settings. A seperate Gpo for me also points me but allows me to overide the setting.

The firewall sends internet traffic to the proxy which then passes it to the user and vice versa.  User sends traffic to firewall which passes to internet.


Stating the issue another way.   My laptop was using the location 2 proxy when set to use location 1.   We use dans guardian as a filter.   The proxy (squid) and DG are the same machine.  Traffic goes to squid then is checked by DG.  The DG allows me to bypass filtering of a site.  

While at location 1 and set to use the Proxy/DG of location 1 I found a site that was being blocked.  I added the site to DG as a safe site.   I then tried again to connect to the site.  No go.  Blocked.   Out of courisity I then added the site to the location 2 DG. I tried to access again and was allowed to the site.  

Besides tracert , is there an easy way to trace the route that a machine is taking to the website?  We do not have allowed ping response turned on so trace route comes back with incomplete data.  

Thanks
0
 
LVL 27

Accepted Solution

by:
skullnobrains earned 2000 total points
ID: 40221837
tracert is meant to debug basic ip routing and your issue resides elsewhere

The firewall sends internet traffic to the proxy which then passes it to the user and vice versa.  User sends traffic to firewall which passes to internet.

if the firewall is the one sending traffic to the proxy, you have transparent proxying enabled so whatever you configure on the machine will not solve the issue. this fact is quite uncertain given the above information.

at this point, a local wiresherk would be a great way to figure heads and tails out of this mess : either your machine send GET http://whatever.tld/path to the proxy server, and the issue is host-related, or the machine sends GET /path to whatever.com, and the issue is network related
0
 

Author Closing Comment

by:HCSHAW
ID: 40232330
Ok, I will give that a try.
0
 
LVL 27

Expert Comment

by:skullnobrains
ID: 40237322
you don't have to accept answers when you did not get one. feel free to post the actual answer if you figure it out, and feel free to ask more questions in this thread.
0
 

Author Comment

by:HCSHAW
ID: 40237523
I went on an all out investigation into our network settings.   There was a lot of clean up that needed to happen, but nothing that would have caused the behavior I experienced.
Some areas that were reviewed and cleaned up
1) DNS
entries that were stale were removed.
DNS for the proxy was confirmed as correct.
2) DHCP
cleaned up and validated the settings it was handing out
3) Dans Guardian
Cleaned up some old stale settings.  Still nothing that would cause the issue.
4) Router
Reviewed all rules and cleaned up.
Again, nothing to explain the behavior
5) My PC
Reviewed all network settings and they are correct.

At this point it is working correctly, so whatever it was probably cannot be traced now.

Again, thanks for the help.
0
 
LVL 27

Expert Comment

by:skullnobrains
ID: 40237863
too bad it cannot be traced any more but good to see you worked it out somehow.

best regards

---

ps regarding EE :

although it is always welcome to reward the effort of those who tried to be helpful, it is perfectly legit to accept your own answer (and get point refunded) if you are the one to figure things out in the end, or accept your own answer and award points to others as assisted answers, or even ask for the question to be deleted.

the main point to consider when making the decision is which information (if any) might be useful to another reader with a similar problem (assuming that the reader does exist even if your problem is highly specific)

note that the above reflects my personal opinion, and are not official guidelines of the forum (which are published somewhere on the site)
0
 

Author Comment

by:HCSHAW
ID: 40238072
Thanks for your comments on awarding points.  Although this is not a complete answer, it is one that does explore how to step through trouble shooting it.  Although  I didn't find the exact  answer, I did find a way to research it and find out what it wasn't , and I walk away a little smarter. Thus the reason for the points awarded.  ; )
0

Featured Post

Get your Conversational Ransomware Defense e‑book

This e-book gives you an insight into the ransomware threat and reviews the fundamentals of top-notch ransomware preparedness and recovery. To help you protect yourself and your organization. The initial infection may be inevitable, so the best protection is to be fully prepared.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This month, Experts Exchange’s free Course of the Month is focused on CompTIA IT Fundamentals.
In this article, the configuration steps in Zabbix to monitor devices via SNMP will be discussed with some real examples on Cisco Router/Switch, Catalyst Switch, NAS Synology device.
Viewers will learn how to connect to a wireless network using the network security key. They will also learn how to access the IP address and DNS server for connections that must be done manually. After setting up a router, find the network security…
Here's a very brief overview of the methods PRTG Network Monitor (https://www.paessler.com/prtg) offers for monitoring bandwidth, to help you decide which methods you´d like to investigate in more detail.  The methods are covered in more detail in o…

834 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question