Aruba Instant & Cloud Wi-Fi

Reply
New Contributor
Posts: 3
Registered: ‎03-16-2016

Web classification and proxy

[ Edited ]

Hello,

on an instant AP (IAP 225, 6.4.2.6-4.1.1.6) I have a problem with web classification. The AP is behind an proxy server that is configured on the AP (proxy server 10.xxx.xxx.xxx 8080), but the AP seems not to be using this connection for the web classification traffic.

 

In logs I have the message:

Mar 16 16:29:33  bcaruba: <353000> <ERRS> |AP AB3@10.95.230.32 dpimgr|  DPIMGR: bca_syslog 201 Cannot resolve host aruba.brightcloud.com: Name or service not known

 

On network firewalls, I don't see any communication to the proxy from the AP.

 

Is it possible to proxy this traffic?


 

 

Guru Elite
Posts: 19,960
Registered: ‎03-29-2007

Re: Web classification and proxy

That message looks like DNS is not be resolved correctly.  What DNS server is the IAP using?  I am not sure if DPI Manager Supports proxy configuration, as of yet...

Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Validated Reference Design Guides : http://community.arubanetworks.com/t5/Validated-Reference-Design/tkb-p/Aruba-VRDs
New Contributor
Posts: 3
Registered: ‎03-16-2016

Re: Web classification and proxy

It is using our internal DNS server, but that serve doesn't have internet domains. And since the AP is in management network and has no direct internet connection it would not help. Do you know if there is a planned support for proxy for the DPI Manager?

Guru Elite
Posts: 19,960
Registered: ‎03-29-2007

Re: Web classification and proxy

Well, you are talking about two things:

 

1 - The IAP needs to be able to resolve aruba.brightcloud.com via DNS, otherwise it will not work.

2 - It then needs to be able to send traffic to aruba.brightcloud.com over SSL (port 443).

 

It seems like you have a problem right now with #1.  Do you proxy SSL traffic?

 

Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Validated Reference Design Guides : http://community.arubanetworks.com/t5/Validated-Reference-Design/tkb-p/Aruba-VRDs
New Contributor
Posts: 3
Registered: ‎03-16-2016

Re: Web classification and proxy

 


cjoseph wrote:

1 - The IAP needs to be able to resolve aruba.brightcloud.com via DNS, otherwise it will not work.

When using proxy there should be no need to resolve the DNS. Newertheless I created a separate DNS server with a single entry of aruba.brightcloud.com. After that the AP tried connecting to the brightcloud but still ignored the proxy settings and tried to connect directly to brightcloud.


cjoseph wrote:

2 - It then needs to be able to send traffic to aruba.brightcloud.com over SSL (port 443).

 It seems like you have a problem right now with #1.  Do you proxy SSL traffic?

 


This seems to be false. I checket the firewall logs and it is using plain HTTP (port 80) not an SSL connection (port 443)!

There should be no problem proxying HTTP or SSL traffic.

 

It looks like we found an workaround to this issue:

We created and DNS entry for aruba.brightcloud.com on our DNS servers and pointed it at our transparent proxy server and that looks to be working. But I still think this should be able to work over standard proxy.

Search Airheads
Showing results for 
Search instead for 
Did you mean: