How to Configure Syslog policy to segregate App Firewall logs

Steps to follow:

1) Kill the syslogd process using the command: killall syslogd

2) Modify /etc/syslog.conf so that it includes the following lines (the first one is commented out):

#local2.* /var/log/iprep.log

local2.* /var/log/ns.appfw.log

3) Create and bind the syslog policy and action as follows:

add audit syslogAction locallog <NSIP> -logLevel ALL -logFacility LOCAL2

add audit syslogAction syslogsrv <external syslog server IP> -logLevel ALL

add audit syslogPolicy localpol ns_true locallog

add audit syslogPolicy syslogsrvPol ns_true syslogsrv

bind appfw global localpol 1

bind appfw global syslogsrvPol 2

4) Start the syslog server daemon from the shell with the command: /usr/sbin/syslogd -a *:* -n -v -v -8 -C

Logs from ns.appfw.log:

# tail -f ns.appfw.log

Mar 11 16:42:03 <local2.info> 10.x.x.x 03/11/2019:11:12:03 GMT XS-99 0-PPE-0 : default APPFW APPFW_COOKIE 73766 0 : 10.x.x.x 127175-PPE0 Jz4u5Dj/4G4eJ4yll830a7zzz+A0000 <appfwpol> http://10.x.x.x/admin_ui/rdx/core/css/chrome.png Cookie validation failed for is_cisco_platform <blocked>

Mar 11 16:42:03 <local2.info> 10.x.x.x 03/11/2019:11:12:03 GMT XS-99 0-PPE-0 : default APPFW APPFW_COOKIE 73767 0 : 10.x.x.x 127176-PPE0 Jz4u5Dj/4G4eJ4yll830a7zzz+A0000 <appfwpol> http://10.x.x.x/admin_ui/rdx/core/css/safari.png Cookie validation failed for startupapp <blocked>

Mar 11 16:42:03 <local2.info> 10.x.x.x 03/11/2019:11:12:03 GMT XS-99 0-PPE-0 : default APPFW APPFW_COOKIE 73768 0 : 10.x.x.x 127176-PPE0 Jz4u5Dj/4G4eJ4yll830a7zzz+A0000 <appfwpol> http://10.x.x.x/admin_ui/rdx/core/css/safari.png Cookie validation failed for is_cisco_platform <blocked>

Mar 11 16:42:03 <local2.info> 10.x.x.x 03/11/2019:11:12:03 GMT XS-99 0-PPE-0 : default APPFW APPFW_REFERER_HEADER 73769 0 : 10.x.x.x 127177-PPE0 Jz4u5Dj/4G4eJ4yll830a7zzz+A0000 <appfwpol> http://10.x.x.x/ Referer header check failed: referer header URL ‘http://10.x.x.x/admin_ui/common/css/ns/ui.css’ not in Start URL or closure list <blocked>
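To confirm that the segregated file holds only App Firewall events and to see which checks are firing, the lines can be parsed into fields. This is an added example, not part of the original article; the field names are labels inferred from the sample lines above, and the input lines (addresses, host name, session token) are constructed.

```python
import re
from collections import Counter

# Field names are labels chosen for this example, inferred from the log lines above.
LINE_RE = re.compile(
    r"^(?P<syslog_ts>\w{3}\s+\d+\s[\d:]{8})\s"
    r"<(?P<facility>\w+)\.(?P<severity>\w+)>\s(?P<source>\S+)\s"
    r"(?P<ns_ts>\S+)\s(?P<tz>\S+)\s(?P<host>\S+)\s(?P<ppe>\S+)\s:\s"
    r"(?P<partition>\S+)\s(?P<feature>\S+)\s(?P<event>\S+)\s(?P<event_id>\d+)\s\d+\s:\s"
    r"(?P<client>\S+)\s(?P<session>\S+)\s(?P<token>\S+)\s"
    r"<(?P<profile>[^>]*)>\s(?P<url>\S+)\s(?P<message>.*?)\s<(?P<action>[^>]+)>$"
)

def parse_line(line):
    """Return the fields of one ns.appfw.log line, or None if it does not match."""
    m = LINE_RE.match(line.strip())
    return m.groupdict() if m else None

def summarize(lines):
    """Count (event, action) pairs; collect lines that are not local2 APPFW events."""
    by_event, stray = Counter(), []
    for line in lines:
        rec = parse_line(line)
        if rec is None or rec["facility"] != "local2" or rec["feature"] != "APPFW":
            stray.append(line)  # segregation is not clean if this list is non-empty
            continue
        by_event[(rec["event"], rec["action"])] += 1
    return by_event, stray

# Constructed sample input modelled on the format shown above (documentation IP ranges).
PREFIX = ("Mar 11 16:42:03 <local2.info> 192.0.2.10 03/11/2019:11:12:03 GMT "
          "ns-example 0-PPE-0 : default APPFW ")
SAMPLE = [
    PREFIX + "APPFW_COOKIE 1001 0 : 198.51.100.7 501-PPE0 EXAMPLETOKEN0000 <appfwpol> "
             "http://192.0.2.20/css/a.png Cookie validation failed for startupapp <blocked>",
    PREFIX + "APPFW_COOKIE 1002 0 : 198.51.100.7 502-PPE0 EXAMPLETOKEN0000 <appfwpol> "
             "http://192.0.2.20/css/b.png Cookie validation failed for startupapp <blocked>",
    PREFIX + "APPFW_REFERER_HEADER 1003 0 : 198.51.100.7 503-PPE0 EXAMPLETOKEN0000 "
             "<appfwpol> http://192.0.2.20/ Referer header check failed: referer header "
             "URL 'http://192.0.2.20/ui.css' not in Start URL or closure list <blocked>",
    "Mar 11 16:42:05 <local0.info> 192.0.2.10 constructed line from another facility",
]

if __name__ == "__main__":
    counts, stray = summarize(SAMPLE)
    for (event, action), n in counts.most_common():
        print(f"{event:22} {action:8} {n}")
    print(f"lines that are not local2 APPFW events: {len(stray)}")
```

A non-empty stray list means something other than App Firewall is still writing to the file, which usually points at another action using the same facility.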


ECS Portal Web UI Questions – Browser support and accessibility

Hi All,

I have some questions about the ECS Portal Web UI:

1. Does ECS support the Microsoft Edge or Apple Safari web browsers?

From the release notes I see that it supports Chrome, Firefox and Internet Explorer 11. Can’t see any others, so I thought to ask the wider community.

2. Can the ECS Web UI be accessed from a browser on other devices like a tablet/smart phone without any loss of functionality?

Thanks,

Luke

Dell EMC ASE


SEPC on iOS

I need a solution

Hi, 

I am trying to enroll SEPC on several iOS devices (with the latest iOS version). After the profiles are installed, the SEPC app should be installed. When clicking on “Install now” in Safari nothing happens. A support case has been created, but until now there has been no feedback.

Who else has this issue or has a solution to fix it?


SEPC blocking Webex

I need a solution

We are now having problems since around July 17th with Webex hanging which appears to be SEPC related.

We have been able to reproduce this issue across multiple users and browsers (Chrome, Firefox and Safari). Users without the SEPC client installed have not reported this issue.

Typically a user gets to 98% of connecting to Webex and it hangs. Some users found that, sporadically, on Safari it would connect after it had hung for a while. We are wondering whether SEPC Application monitoring is causing this. A screenshot is attached.

It’s now reached the point however where it is causing disruption to an individual’s work. 

Any help you could provide here would be appreciated.

Thanks,


Server response code

I need a solution

Hi,

We have force-denied one rule, but in the policy trace we can see server code 0 instead of 403. Any idea why it is showing like that?

 DNS lookup was unrestricted
User-Agent: Mozilla/5.0 (Windows NT 6.3; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.99 Safari/537.36
user: name="INDIA480849" realm=auth1
authentication status='none' authorization status='none'
DENIED: Either 'force_deny' or 'force_exception' was matched in policy
  url.category: OpenDNS_Cryptomining@Policy;Technology/Internet@Blue Coat
    total categorization time: 0
    static categorization time: 0
server.response.code: 0
client.response.code: 200
application.name: none
application.operation: none
application.group: none
DSCP client outbound: 65
DSCP server outbound: 65


Unable to navigate to amtrak.com

I need a solution

Hello, 

I am having an issue connecting to https://www.amtrak.com. We are using the ProxySG in transparent mode and the website is not being blocked. I am able to access it via Safari in OS X 10.11.6 and Internet Explorer 11 in Windows 7, but not Chrome or Firefox in both OSs. I am wondering if anyone using a ProxySG 6.5.10.4 in transparent mode is having the same problem?


How to Configure “Allowed Secure Web domains” in Secure Mail

On Android, in the MDX policy settings for Secure Mail:

1. Add {package=com.android.chrome} under Restricted Open-In exception list

(the package ID is for the Chrome browser)

2. Add the DNS suffix of the internal site under Allowed Secure Web domains

3. For any other third-party browser, use the format below accordingly

{package=<packageID of the browser>}

On iOS, in the MDX policy settings for Secure Mail:

1. Add +^safari: under Allowed URLs

2. Add ,safari: under App URL schemes

3. Add the DNS suffix of the internal site under Allowed Secure Web domains

Note: On Android, end users are prompted to select the native browser (Chrome) or Secure Web due to an OS limitation. On iOS, however, the user is automatically redirected to the designated browser.


The feature “Allowed Secure Web domains” in the Secure Mail MDX Policy doesn’t work as expected

On Android, in the MDX policy settings for Secure Mail:

1. Add {package=com.android.chrome} under Restricted Open-In exception list

(the package ID is for the Chrome browser)

2. Add the DNS suffix of the internal site under Allowed Secure Web domains

3. For any other third-party browser, use the format below accordingly

{package=<packageID of the browser>}

On iOS, in the MDX policy settings for Secure Mail:

1. Add +^safari: under Allowed URLs

2. Add ,safari: under App URL schemes

3. Add the DNS suffix of the internal site under Allowed Secure Web domains

Note: On Android, end users are prompted to select the native browser (Chrome) or Secure Web due to an OS limitation. On iOS, however, the user is automatically redirected to the designated browser.
