Welcome, Guest. Please login or register.
Did you miss your activation email?
Sunday 29 December 2024, 11:25:33 pm

Login with username, password and session length

Visit the Official Endian Reference Manual  HERE
14262 Posts in 4377 Topics by 6517 Members
Latest Member: Sandro
Search:     Advanced search
+  EFW Support
|-+  Support
| |-+  General Support
| | |-+  Problems with Java when running proxy with user authentication.
0 Members and 2 Guests are viewing this topic. « previous next »
Pages: [1] Go Down Print
Author Topic: Problems with Java when running proxy with user authentication.  (Read 15032 times)
techie
Jr. Member
*
Offline Offline

Posts: 6


« on: Thursday 10 June 2010, 01:31:29 am »

Background:

An Endian 2.4 firewall configured with a non-transparent proxy. There is no allowed internet traffic unless it is routed through the proxy. The proxy authenticates the user groups against a Windows 2008 active directory. The content filter and antivirus is also enabled.

This is done mostly to disallow factory workers access to the internet except on the lunch break and to disallow access to some of the worst parts of the Internet by filtering content and scan for virus.

Problem description:

After introducing the firewall with the squid proxy activated there has been problems with several websites. The problem seemed to be centralized around home banking and other sites based heavily on Java. The problem first came after introducing an authentication scheme based on a Windows 2008 active directory.

According to the test application at java.com the Java installation on the client was fine.

Our solution:

First make sure that Java is configured to use the proxy. Default is to use the Windows settings.

After troubleshooting it seemed like Java wasn’t able to authenticate. The solution was to create a filter rule that allowed for Java to pass through the proxy without having to authenticate.

Source Type: Zone
Select Source Zone: Green
Destination Type ANY
Authentication: disabled
Useragents: Java
Access policy: Allow access
Filter profile: What ever you created.
Policy status: Selected.

Holes:

Unfortunately such a rule opens up a hole for users with technical skills. If they can get their browser to present it self as Java they can access the Internet without authenticating.


I hope other people can use the solution..
Logged
entourage
Full Member
***
Offline Offline

Posts: 48


« Reply #1 on: Wednesday 14 July 2010, 06:10:41 am »

I'm running 2.2 (windows authentication, proxy only) and recently ran into an issue with a Java applet not loading because of an authentication issue.  After reading your post I searched out how to change the proxy settings for Java. 

http://www.java.com/en/download/help/proxy_setup.xml

Start the Java Plug-in Control Panel by following these instructions:

1.Click the Start menu
2.Select Settings
3.Select Control Panel
4.Double click the Java icon.
5.Click on the Network Settings button.
6.Select the Use Browser Settings checkbox.
7.Click the OK button to save your changes.
8.Close all browser windows. Restart the browser and try to load the applet.
9.If the applet still does not load and you see the same connection error, try to configure your web browser's proxy settings.

In my case fortunately, it wasn't apparently grabbing the browser settings, even though it was configured that way.  Once I manually entered my proxy address and port, it worked!
Logged
Pages: [1] Go Up Print 
« previous next »
Jump to:  

Page created in 0.063 seconds with 18 queries.
Powered by SMF 1.1 RC2 | SMF © 2001-2005, Lewis Media Design by 7dana.com