Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
207
Views
0
Helpful
4
Replies

Allowing Signal Desktop App through Cisco WSA proxy

DataNut1775
Level 1
Level 1

‎04-22-2024 11:02 AM

Hello everyone,

I have a Cisco Secure Web Appliance S300V for my company's proxy server. We have been recently directed to utilize the Signal Desktop App for communication and unfortunately I have run into every issue while getting this to work. The QR code used to authenticate to the app won't display. I tried making a custom URL category for ".signal.org" and "chat.signal.org" and also tried exempting it through the local proxy settings but it still won't work. When I do a policy trace for "chat.signal.org" I get a Connection to Origin Server Failed and Request blocked: Gateway timed out.

If anyone can walk me through how to make this happen I would greatly appreciate it!

Labels:
0 Helpful
4 Replies 4

amojarra
Cisco Employee
Cisco Employee

‎04-22-2024 01:25 PM

Hello @DataNut1775 

Hope you are doing fine and thanks for reaching out,

 

[1] Gateway timed out. --> you need to make sure the URL is reachable and/or valid 

[2] can you please check the Accesslogs, ( you can filter for your client IP address. ) and lets see what are the URLs ( maybe there are some more ) and also what is the WSA's response. 

[3] I would say, that would be nice to have a PCAP in WSA as well, filter for client IP and Websites IP address

you can use a custom filter like this in the PCAP, please replace the x.x.x.s with the IP addresses 

( host x.x.x.x or host x.x.x.x or host x.x.x.x ) 

Screenshot 2024-04-22 at 10.23.53 PM.png

A side question the URL chat.signal.org is HTTP and not HTTPS ? 

 

Regards,

Amirhossein Mojarrad

+++++++++++++++++++++++++++++++++++++++++++++++++++

++++        If you find this answer helpful, please rate it as such      ++++

+++++++++++++++++++++++++++++++++++++++++++++++++++

 

 

 

 

0 Helpful

DataNut1775
Level 1
Level 1
In response to amojarra

‎04-22-2024 01:59 PM

Hello, 

The URL is reachable because I can access this on our management network that doesn't go through a proxy. Our client network is configured to where it needs a proxy to communicate.

I do not see "Support and Help" feature on my GUI, and I'm logged ina s the admin account

I pulled a debug log from the application itself and pasted it below. The only thing I can see from it is that errors out when connecting to chat.signal.org and also when when attempting to connect to unauthenticated socket.

The chat.sign.org is HTTPS. we do not currently have HTTPS proxy enabled. But I added 443 to the ports for the Web Proxy.

at [REDACTED]\resources\app.asar\preload.bundle.js:68:4534
at Timeout._onTimeout ([REDACTED]\resources\app.asar\preload.bundle.js:21:6507)
at listOnTimeout (node:internal/timers:573:17)
at process.processTimers (node:internal/timers:514:7)
ERROR 2024-04-22T17:48:03.362Z GET (WS) https://chat.signal.org/v1/config 0 Error
ERROR 2024-04-22T17:48:03.393Z account.registerSecondDevice: got an error TimeoutError
at getQRCode ([REDACTED]\resources\app.asar\preload.bundle.js:108:119004)
at [REDACTED]\resources\app.asar\preload.bundle.js:108:119482
at fk ([REDACTED]\resources\app.asar\preload.bundle.js:76:6851)
at Hs.unstable_runWithPriority ([REDACTED]\resources\app.asar\preload.bundle.js:68:46764)
at gg ([REDACTED]\resources\app.asar\preload.bundle.js:72:40736)
at Oj ([REDACTED]\resources\app.asar\preload.bundle.js:76:6276)
at [REDACTED]\resources\app.asar\preload.bundle.js:76:6176
at V ([REDACTED]\resources\app.asar\preload.bundle.js:68:45749)
at xDe.port1.onmessage ([REDACTED]\resources\app.asar\preload.bundle.js:68:44222)
ERROR 2024-04-22T17:48:03.403Z Top-level unhandled promise rejection: Error: Connection timed out
at [REDACTED]\resources\app.asar\preload.bundle.js:68:4534
at Timeout._onTimeout ([REDACTED]\resources\app.asar\preload.bundle.js:21:6507)
at listOnTimeout (node:internal/timers:573:17)
at process.processTimers (node:internal/timers:514:7)
ERROR 2024-04-22T17:48:04.009Z Error starting update checks: RequestError: createHTTPSAgent.connect: connection timed out
at ClientRequest.<anonymous> ([REDACTED]\node_modules\got\dist\source\core\index.js:970:111)
at Object.onceWrapper (node:events:629:26)
at ClientRequest.emit (node:events:526:35)
at origin.emit ([REDACTED]\node_modules\@szmarczak\http-timer\dist\source\index.js:43:20)
at _destroy (node:_http_client:875:13)
at onSocketNT (node:_http_client:895:5)
at process.processTicksAndRejections (node:internal/process/task_queues:83:21)
at Timeout._onTimeout ([REDACTED]\node_modules\p-timeout\index.js:39:64)
at listOnTimeout (node:internal/timers:573:17)
at process.processTimers (node:internal/timers:514:7)
INFO 2024-04-22T17:48:04.364Z GET (WS) https://chat.signal.org/v1/config
INFO 2024-04-22T17:48:04.365Z SocketManager: connecting unauthenticated socket
INFO 2024-04-22T17:48:04.365Z SocketManager: connecting unauthenticated socket, transport option [original]
INFO 2024-04-22T17:48:13.018Z NotificationService: clearing notification and requesting an update
INFO 2024-04-22T17:48:14.027Z show window
INFO 2024-04-22T17:48:14.027Z NotificationService not updating notifications. Notifications are disabled; app is focused; there is no notification data
INFO 2024-04-22T17:48:14.374Z SocketManager: failed to connect unauthenticated socket due to error: Error: Connection timed out
at [REDACTED]\resources\app.asar\preload.bundle.js:68:4534
at Timeout._onTimeout ([REDACTED]\resources\app.asar\preload.bundle.js:21:6507)
at listOnTimeout (node:internal/timers:573:17)
at process.processTimers (node:internal/timers:514:7)
ERROR 2024-04-22T17:48:14.374Z GET (WS) https://chat.signal.org/v1/config 0 Error
INFO 2024-04-22T17:48:15.375Z GET (WS) https://chat.signal.org/v1/config
INFO 2024-04-22T17:48:15.376Z SocketManager: connecting unauthenticated socket
INFO 2024-04-22T17:48:15.376Z SocketManager: connecting unauthenticated socket, transport option [original]
INFO 2024-04-22T17:48:23.172Z got fast theme-setting value system
INFO 2024-04-22T17:48:23.249Z got fast theme-setting value system
INFO 2024-04-22T17:48:23.413Z Loaded this list of log files from logPath: app.log, main.log

 

0 Helpful

DataNut1775
Level 1
Level 1
In response to DataNut1775

‎04-22-2024 02:14 PM

I can also resolve the chat.signal.org to ip addresses so I know that the host is reachable.

0 Helpful

amojarra
Cisco Employee
Cisco Employee

‎04-24-2024 05:53 AM

Hello @DataNut1775 

 

regarding :

I do not see "Support and Help" feature on my GUI, and I'm logged in as the admin account.

[1] can you try another browser please.

[2] if you are not seeing the menu, please open a TAC case.

 

Thank you for sharing the logs.

can you please share the accesslogs as well.

Regards,

Amirhossein Mojarrad

+++++++++++++++++++++++++++++++++++++++++++++++++++

++++        If you find this answer helpful, please rate it as such      ++++

+++++++++++++++++++++++++++++++++++++++++++++++++++

0 Helpful
Customers Also Viewed These Support Documents