CacheGuard Help

Hi, Well, my responses below: - Excluding a domain name from the SSL mediation: YES , you can do that with exception lists. Please refer to the documentation at: http://www.cacheguard.net/doc/guide/ssl_mediation.html#exceptions . - Excluding a domain name from the URL guarding: YES , by reviewing yo...

If you define transparent networks ([NETWORK] > [Main Settings] > [Transparent Networks]), you tell to CG to only intercept traffic from those networks and let traffic from other networks being simply routed (without interception --> without any treatment by CG). If no transparent network is defined...

Your configuration seems to be good. You can turn off the dns mode if you don't use CG as DNS for other machines.

Actually you mentioned this: Workstation IP is .13 -> pfSense CG Vlan .254 -> CG .250 -> ASA -> Internet Which is not exactly the same as the network topology we used in our lab. Does it mean that in addition to this your pfsense is directly connected to your ASA ? I mean do you have the following (...

Hi, The port to route via CG should be the HTTP port (80) and not thttp (8081) which is for internal usage by CG only. Please don't modify this port unless you know what you do. Also you can't transparently route https traffic (port 443) via CG unless you activate the ssl mediation (on CG). SSL is p...

Hi, We just finished to test the proposed architecture in our lab using a pfSense 2.3.4-RELEASE. We have found that pfSense policy routing does not work if both gateways (CG and ASA) are in the same VLAN. This is either a pfSense bug or a feature. Therefore we created a dedicated connectivity VLAN (...

Hi, If I understand this correctly the internal IP of your CG should be 192.168.254.21 and its external IP 192.168.253.21. Also my understanding is that your CG is implemented in parallel with your (Cisco ASA Routing / FW) at the DC end. Therefore CG as an explicit proxy is reached at 192.168.254.21...

Hi Thank you for your post. Can you please give me the internal and external IP addresses (or equivalent fictitious IP addresses) of your CG so I can figure out where your CG is implemented in the chain? Also you can find useful information in the documentation at: http://www.cacheguard.net/doc/guid...

Hi, We built a similar configuration in our lab but we were not able to reproduce any issue related to the URL guarding. The issue may come from other features. Can you please disable the compress mode? The combination of the antivirus and compress modes is still unstable in the EH 1.3.1. Our engine...

Hi,

If your appliance have been already registered you should select "Already Registered" in the Web GUI (menu option [GENERAL] > [Main Settings] > [Registration & Subscription]). This way you restore its associated unique S/N.

Best Regards,