InterScan Web Security Virtual Appliance (IWSVA) is configured in forward proxy mode. However, users cannot access certain HTTPS URLs when user/group (LDAP) name authentication is enabled. The following error message appears:
"A connection to the View Server https://view.domain.com/ could not be established. Could not connect through proxy settings."
When using IP authentication, the website comes up without any issue.
This issue occurs because UserID Caching is disabled. This causes some packets to be dropped due to LDAP AD communication timeouts. By default, UserID Caching is disabled in IWSVA.
To address this issue, enable UserID Caching using the steps below:
- Look for and open the intscan.ini file using a text editor.
- Look for the following parameter and change its value to "yes" to enable cache.
- Save and close the intscan.ini file.
- Execute the following commands to restart the HTTP daemon:
If you do not want to enable UserID Caching, you can add the URL(s) to the Global Trusted List to bypass the LDAP authentication when accessing the site. To do this:
- Log in to the IWSVA web console.
- Go to HTTP > URL Access Control > Global Trusted URLs
- Select the Enable Trusted URLs checkbox.
- Type in the following in the Match field:
- Click Trust to add the URL to the list.
- Click Save for the changes to take effect.