Controllerless Networks

last person joined: 6 hours ago 

Aruba Instant Wi-Fi: Meet the controllerless Wi-Fi solution that's easy to set-up, is loaded with security and smarts, and won't break your budget.
Expand all | Collapse all

Web classification and proxy

  • 1.  Web classification and proxy

    Posted Mar 16, 2016 12:01 PM

    Hello,

    on an instant AP (IAP 225, 6.4.2.6-4.1.1.6) I have a problem with web classification. The AP is behind an proxy server that is configured on the AP (proxy server 10.xxx.xxx.xxx 8080), but the AP seems not to be using this connection for the web classification traffic.

     

    In logs I have the message:

    Mar 16 16:29:33  bcaruba: <353000> <ERRS> |AP AB3@10.95.230.32 dpimgr|  DPIMGR: bca_syslog 201 Cannot resolve host aruba.brightcloud.com: Name or service not known

     

    On network firewalls, I don't see any communication to the proxy from the AP.

     

    Is it possible to proxy this traffic?


     

     



  • 2.  RE: Web classification and proxy

    Posted Mar 16, 2016 12:07 PM

    That message looks like DNS is not be resolved correctly.  What DNS server is the IAP using?  I am not sure if DPI Manager Supports proxy configuration, as of yet...



  • 3.  RE: Web classification and proxy

    Posted Mar 16, 2016 12:13 PM

    It is using our internal DNS server, but that serve doesn't have internet domains. And since the AP is in management network and has no direct internet connection it would not help. Do you know if there is a planned support for proxy for the DPI Manager?



  • 4.  RE: Web classification and proxy

    Posted Mar 16, 2016 12:36 PM

    Well, you are talking about two things:

     

    1 - The IAP needs to be able to resolve aruba.brightcloud.com via DNS, otherwise it will not work.

    2 - It then needs to be able to send traffic to aruba.brightcloud.com over SSL (port 443).

     

    It seems like you have a problem right now with #1.  Do you proxy SSL traffic?

     



  • 5.  RE: Web classification and proxy

    Posted Mar 17, 2016 12:29 PM

     


    @cjoseph wrote:

    1 - The IAP needs to be able to resolve aruba.brightcloud.com via DNS, otherwise it will not work.

    When using proxy there should be no need to resolve the DNS. Newertheless I created a separate DNS server with a single entry of aruba.brightcloud.com. After that the AP tried connecting to the brightcloud but still ignored the proxy settings and tried to connect directly to brightcloud.


    @cjoseph wrote:

    2 - It then needs to be able to send traffic to aruba.brightcloud.com over SSL (port 443).

     It seems like you have a problem right now with #1.  Do you proxy SSL traffic?

     


    This seems to be false. I checket the firewall logs and it is using plain HTTP (port 80) not an SSL connection (port 443)!

    There should be no problem proxying HTTP or SSL traffic.

     

    It looks like we found an workaround to this issue:

    We created and DNS entry for aruba.brightcloud.com on our DNS servers and pointed it at our transparent proxy server and that looks to be working. But I still think this should be able to work over standard proxy.