Configuring anonymous proxy detection and monitoring
Anonymous proxies are typically used to circumvent security policies, allowing users to access prohibited recreational, adult or other non-business sites by tunneling this traffic over a regular or encrypted HTTP session. Anonymous Proxies also provide anonymity; users accessing websites through an Anonymous Proxy cannot easily be traced back to their original IPInternet protocol.
Exinda Appliances have built-in support for anonymous proxy detection. The Exinda Appliance receives daily updates from www.exinda.com containing updated anonymous proxy definitions, much like anti-virus applications receive daily threat updates.
The anonymous proxy application is a special application object that is used to detect anonymous proxy websites and services. However, the anonymous proxy service is disabled by default.
If the anonymous proxy service is enabled, the Exinda appliance fetches a list of anonymous proxy definitions from the Exinda web servers on a daily basis.
An application object called 'Anonymous Proxy' is automatically created. The Anonymous Proxy application tracks all traffic sent through one of the anonymous proxies in the list. This application object is displayed in the monitoring reports like any other application object and can also be used in the Optimizer policies.
NOTE
- Anonymous Proxy classification only occurs if the Anonymous Proxy ASAM module is enabled on the Configuration > System > Setup > Monitoring page.
- In order to receive daily Anonymous Proxy definition updates, the Exinda appliance must be able to contact the Exinda web servers and the appliance must also have a valid software subscription.
The form to enable the Anonymous Proxy service to keep of list of anonymous proxy sites.
The form to enable/disable the Anonymous Proxy ASAM required for classification.
Where to configure it
- To enable the anonymous proxy service, go to Configuration > Objects > Applications > Anonymous Proxy.
- To enable the anonymous proxy traffic classification, go to Configuration > System > Setup > Monitoring.
To enable the anonymous proxy traffic classification
- Check the Auto Update Service Enable checkbox. The appliance will communicate with the Exinda web servers daily and fetch any new anonymous proxy definitions.
- Ensure that the Anonymous Proxy ASAM module is enabled by going to the Configuration > System > Setup > Monitoring page and ensuring the Anonymous Proxy checkbox is checked in the ASAM section. The Anonymous Proxy ASAM is on by default. The appliance will classify traffic by matching the traffic against the anonymous proxy list.
To see when the appliance last updated the anonymous proxy definitions
- Look at the Settings section.
- The Last Check field indicates the last time that the appliance checked the Exinda service for new anonymous proxy definitions.
- The Last Update field indicates the last time new anonymous proxy definitions were found and updated.
To force a check of the anonymous proxy definitions
Click the Renumerate button. The appliance will check the Exinda web servers immediately to check for new anonymous proxy information.
To disable the anonymous proxy traffic classification
- Uncheck the Auto Update Service Disable checkbox.
- Disable the Anonymous Proxy ASAM by going to the Configuration > System > Setup > Monitoring page, unchecking the Anonymous Proxy checkbox in the ASAM section, and clicking the Apply Changes button. Disabling the ASAM will clear the existing anonymous proxy definitions.