5 Replies Latest reply on Sep 9, 2010 11:01 AM by jswan

    NTA doesn't show user details such as ip address, shows proxy server instead

    rsteve

      how do i deploy/configure NTA to show user details such as ip address to show on my dashboard. it only reflects my proxy server communicating to websites instead of endpoint details. need your help...

        • Re: NTA doesn't show user details such as ip address, shows proxy server instead
          jswan

          It sounds like you are receiving NetFlow export from a device in front of the proxy. If you want to see details of devices behind the proxy, you need to configure your infrastructure devices behind the proxy for NetFlow export to NTA.

            • Re: NTA doesn't show user details such as ip address, shows proxy server instead
              rsteve

              This is our current set-up: Workstations are directly connected to a Cisco 4506 Switch which is directly connected to a Core Switch 6509.  Workstations are accessing the Internet using a Linux Proxy server.  We have enabled netflow on the Core Switch.  But still, we cannot see any conversations from workstation to external sites.  We tried testing a workstation that does not use any proxy, still same results.  Do we need to add the Proxy server for us to able to monitor conversations from pc to websites???  Note that our proxy server is a linux one.  We can't add it on the NPM though it already has the enabled SNMP. 

              Anyone?? 

                • Re: NTA doesn't show user details such as ip address, shows proxy server instead
                  jswan

                  If the proxy server is a regular one where each client browser has to be explicitly configured with the hostname/IP address of the proxy server, there's no way to see the client conversations in NetFlow. This is because the destination IP address for the client is actually the proxy server itself; the proxy terminates the HTTP session with the client, proxies it out to the Internet, then feeds the result back to the client. NetFlow isn't aware of this; in your case it only sees the flows between the proxy server and the Internet.

                  If you want to see your client activity in a case like this, the only option is to look at the proxy server logs.

                  If you can change your proxy server configuration to an "intercepting proxy" aka "transparent proxy", where the client isn't aware of the proxy's existence and the source/destination IP address aren't rewritten from the client's perspective, then you could place your NetFlow exporter on the client side of the proxy server and see the full conversation details in NTA. In your case, the 4506 may or may not support NetFlow export, depending on what Supervisor it has.