
ERR_PROXY_CERTIFICATE_INVALID

Posted: 15 Jul 2021 19:48
by Fortify_MikeK
We are trying to configure CG in non-transparent mode. When doing so we get the following error: ERR_PROXY_CERTIFICATE_INVALID, as well as no internet traffic through the browser. Please help.

Re: ERR_PROXY_CERTIFICATE_INVALID

Posted: 15 Jul 2021 20:32
by david
Hi,

Thank you for your post.

Can you please let us know the following:
  • Your client OS?
  • Your client browser & version?

Did you activate the SSL mediation mode? To know if the SSL Mediation mode is activated or not please use the following command from the CLI:

Code:

mode sslmediate

Best Regards,

Re: ERR_PROXY_CERTIFICATE_INVALID

Posted: 15 Jul 2021 20:50
by david
Hi,
Can you also please provide us with the website that you are trying to browse via CacheGuard proxy?
Thanks in advance,

Re: ERR_PROXY_CERTIFICATE_INVALID

Posted: 16 Jul 2021 12:46
by Fortify_MikeK
SSLMediate is off
Running Windows 10 Chrome Browser - similar issues with IE and FF.
Trying to hit all websites but to test we just did google.com

Re: ERR_PROXY_CERTIFICATE_INVALID

Posted: 16 Jul 2021 12:56
by david
Can you hit an HTTP (not S) website such as http://www.example.com to check network connectivity please?

Do you have any other security devices in front of your CG? If so, can you please check that they don't block Web traffic and/or make SSL inspection by generating dynamic certificates?

Please send us the output of the following commands:

Code:

ip
ip route
port

In your browsers, what IP address and port do you use for the proxy configuration?

Best,

Re: ERR_PROXY_CERTIFICATE_INVALID

Posted: 16 Jul 2021 14:56
by Fortify_MikeK
HTTP traffic through http://neverssl.com does not work either - I get err_proxy_connection_failed

Re: ERR_PROXY_CERTIFICATE_INVALID

Posted: 16 Jul 2021 15:26
by david
(for security reasons I deleted the links that reveal your public IP addresses - below your IP configuration)

Code:

ip internal 10.11.3.3 255.255.255.0
ip external xxx.xxx.xxx.107 255.255.255.248

ip route 10.10.20.0 255.255.255.0 10.11.3.254 10
             192.168.254.0 255.255.255.0 10.11.3.254 10
             default xxx.xxx.xxx.105 50

  • From your CG can you ping your default gateway (xxx.xxx.xxx.105)?
  • From your CG can you ping cacheguard.net?
  • From your client (windows) can you ping your CG internal IP address (10.11.3.3)?
  • What is your client (Windows) IP address?
Please ensure that your Chrome browser uses the 10.11.3.3 IP on 8080 port as the proxy.

Best Regards,

Re: ERR_PROXY_CERTIFICATE_INVALID

Posted: 16 Jul 2021 16:22
by Fortify_MikeK
From your CG can you ping your default gateway (xxx.xxx.xxx.105)? - Yes we can
From your CG can you ping cacheguard.net? Yes we can
From your client (windows) can you ping your CG internal IP address (10.11.3.3)? Yes we can
What is your client (Windows) IP address? 10.11.3.8

Someone had told me to set the port to 8090 - that's when I get the ERR_Proxy_Certificate_Invalid. Now that I changed it to 8080 I get ERR_Proxy_Connection_Failed

Re: ERR_PROXY_CERTIFICATE_INVALID

Posted: 16 Jul 2021 18:10
by david
The default proxy port is 8080. The 8090 port is the default Web GUI administration port.

Please double check that 10.11.3.3:8080 is used as HTTP, HTTPS and FTP proxy. Also, Chrome under a supported desktop environment (such as Windows) uses the system proxy settings. Did you set up the proxy configuration at the Windows level?

Do you have the same error with Firefox?
Can you hit the http://10.11.3.3 URL?

Please send us the output of the following command:

Code:

system report link

Tip: you can activate the SSH server on your CG using the following commands:

Code:

admin ssh on
apply force

And then connect to your CG using an ssh client (like putty) --> You can use Copy/Paste in an SSH client window to send the output of the command above.

Best,

Re: ERR_PROXY_CERTIFICATE_INVALID

Posted: 17 Jul 2021 16:43
by david
Hi,

It is also possible that you didn't connect the right CG ports to your other network devices. The following command gives you the association between physical (Ethernet) ports and logical interfaces:

Code:

link bond

You can use it to identify ports on your CG. Please note that the internal interface should be connected to your LAN (clients side) and the external interface should be connected to your internet router (or frontal firewall).

Best Regards,