Jump to content
Welcome to our new Citrix community!
  • 0

BUG: SecureWeb can't understand proxy (ip:port) defined in MDX policies


Question

Hello everyone,

 

Just to communicate to all, I found a bug about proxy connections on Android Secure Web - The connections doesn't flow thought proxy server and goes directly to the internet. The versions I'm here:

 

XMS: 10.8.0.23

SecureHub: 19.4.5

SecureWeb: 19.4.5-5

 

On MDX policies, I set on "PAC file URL or proxy server" IP:Port of my proxy server and I could confirmed it taking a look at ADB log from my android as bellow:

--------------------------

04-24 18:27:31.043 19510 19510 I MDX-Policies: MvpnGatewayAddress = 
04-24 18:27:31.043 19510 19510 I MDX-Policies: MvpnNetworkAccess = MvpnNetworkAccessTunneledFullVPN
04-24 18:27:31.043 19510 19510 I MDX-Policies: MvpnRedirectWebTrafficWithSSO = true
04-24 18:27:31.043 19510 19510 I MDX-Policies: MvpnSessionRequired = True
04-24 18:27:31.043 19510 19510 I MDX-Policies: NetworkAccess = NetworkAccessTunneled
04-24 18:27:31.043 19510 19510 I MDX-Policies: OnlineSessionRequired = false
04-24 18:27:31.043 19510 19510 I MDX-Policies: OpenInExclusionList = {action=android.speech.tts.engine.CHECK_TTS_DATA}{action=android.app.action.SET_NEW_PASSWORD}{action=android.app.action.START_ENCRYPTION}{action=android.intent.action.PICK}{action=android.intent.action.RINGTONE_PICKER}{action=android.intent.action.DIAL}{action=android.intent.action.MAIN}{action=com.android.keychain.CHOOSER}{action=android.intent.action.VIEW scheme=wbx package=com.cisco.webex.meetings}{action=android.intent.action.VIEW scheme=lync package=com.microsoft.office.lync15}{action=android.intent.action.VIEW scheme=market}{action=android.intent.action.VIEW scheme=col-g2m-2}{action=android.intent.action.VIEW scheme=tel}{action=android.media.action.IMAGE_CAPTURE}{action=android.provider.MediaStore.RECORD_SOUND}{action=android.media.action.VIDEO_CAPTURE}{package=com.android.settings}{action=com.huawei.intent.action.hwCHOOSER}
04-24 18:27:31.043 19510 19510 I MDX-Policies: PACFileURL = 10.0.1.8:8888
04-24 18:27:31.043 19510 19510 I MDX-Policies: Paste = Unrestricted
04-24 18:27:31.043 19510 19510 I MDX-Policies: PreferredVpnMode = SecureBrowse
04-24 18:27:31.043 19510 19510 I MDX-Policies: PrivateFileEncryptionEnum = SecurityGroup
04-24 18:27:31.043 19510 19510 I MDX-Policies: PrivateFileEncryptionExcludeList = 

--------------------------

 

SecureWeb ignores it and all connections goes directly to the internet.... as a workaround, we created and set a PAC file in SecureWeb's MDX policies and it worked.. all connections now are flowing though the proxy server.

 

 

Link to comment

1 answer to this question

Recommended Posts

  • 0

Hi,

 

Another way to address this to proxy is set traffic policies in NetScaler Gateway.

 

It allows you to use SecureBrowser in MDX settings and control proxy configs on the NetScaler level:

 

: Traffic profiles settings:

add vpn trafficAction Traffic_Profile_NoProxy tcp -appTimeout 1

add vpn trafficAction Traffic_Profile_Http_Https http -proxy IP:PORT_PROXY

 

: Traffic policies settings:

add vpn trafficPolicy policy_NoProxy "REQ.HTTP.HEADER Host CONTAINS mail.customer.com || REQ.HTTP.HEADER User-Agent CONTAINS WorxMail || REQ.HTTP.HEADER User-Agent CONTAINS com.zenprise || REQ.HTTP.HEADER User-Agent CONTAINS WorxHome || REQ.HTTP.URL CONTAINS AGServices || REQ.HTTP.URL CONTAINS StoreWeb" Traffic_Profile_NoProxy

 

add vpn trafficPolicy policy_ProxyHttp "(REQ.HTTP.HEADER User-Agent CONTAINS Mozilla || REQ.HTTP.HEADER User-Agent CONTAINS com.citrix.browser.droid || REQ.HTTP.HEADER User-Agent CONTAINS com.citrix.browser || REQ.HTTP.HEADER User-Agent CONTAINS WorxWeb) && REQ.TCP.DESTPORT == 80" Traffic_Profile_Http_Https

 

add vpn trafficPolicy policy_ProxyHttps "(REQ.HTTP.HEADER User-Agent CONTAINS Mozilla || REQ.HTTP.HEADER User-Agent CONTAINS com.citrix.browser.droid || REQ.HTTP.HEADER User-Agent CONTAINS com.citrix.browser || REQ.HTTP.HEADER User-Agent CONTAINS WorxWeb) && REQ.TCP.DESTPORT == 443" Traffic_Profile_Http_Https

 

: NSGW bindings

bind vpn vserver VIP_NSGW -policy policy_NoProxy -priority 100

bind vpn vserver VIP_NSGW -policy policy_ProxyHttp -priority 110

bind vpn vserver VIP_NSGW -policy policy_ProxyHttps -priority 120

 

*remember to change the bold content

 

Regards,

Link to comment

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
×
×
  • Create New...