 |
reinhold.leitner@applicgate.com (C) December 2024 www.applicgate.com |
$$$$$$$$$$$$$$$$$$$$$$$$$ Establish autologon session via reverselogon $$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$ Extract of logfiles, servers are in different time zones. ========================SRV0: Start of autologon session via existing reverselogon link ============================ 900: RtID:4 2019-02-07 19:35:25 autologon starting ... 900: RtID:4 accepted 900: Processing forward entry, DestinationIP: srv1@test.com:X1 24: sending... Link900+X1 SourceIP;GatewayIP;GatewayPort;logonUser;IssuerOfLogonCertificate 0.0.0.0;0.0.0.0;0;; ========================SRV1: Start of autologon session =========================================================== 1: ReadCallbackAutologon: Link900+X1 SourceIP;GatewayIP;GatewayPort;logonUser;IssuerOfLogonCertificate 0.0.0.0;0.0.0.0;0;; 1: Open new autologon session .... 10: RtID:2 2019-02-07 20:35:03 autologon starting ... 10: Connect to 10.10.1.1 port 443 10: Connection successful 10: ConnectCallback Setup SSL as client.. 10: Server successfully authenticated, SslProtocol: Tls12 10: Sending ... GET /newlink?Link900+X1 HTTP/1.1 User-Agent: ApplicGate/9.0.6976.37749 SRV1 10: mapping to incoming entry RtID:4 10: RtID:4 accepted 10: Waiting for reverselogon data.. 10: NewConnection2-reverselogon-BeginAuthenticateAsServer-SSLoverSSL.. ========================SRV0: link incoming session to original one and transmit reverselogon information ========== 901: New incoming TCP connection 2019-02-07 19:35:25 ; SourceIP: 10.20.1.1 SourcePort: 53322 GatewayIP: 10.10.1.1 GatewayPort: 445 901: RtID:2 accepted 901: Client successfully authenticated, SslProtocol: Tls12 901: Remote cert was issued to E=srv1@test.com, CN=srv1, O=Test and is valid from 1/7/2019 7:01:20 PM until 1/7/2021 7:11:20 PM 901: Remote cert was issued by CN=TestCA, O=Test 901: EmailName: srv1@test.com, no userPrincipalName found. 901: Waiting for reverselogon data.. 901: received: GET /newlink?Link900+X1 HTTP/1.1 User-Agent: ApplicGate/9.0.6976.37749 SRV1 901: reverselogon StateObject removed, session linked to ID 900, 2019-02-07 19:35:26 900: ReadCallbackReverseLogon Setup SSL as client using existing SSL stream.. 900: Server successfully authenticated, SslProtocol: Tls12 900: Sending ... GET /reverselogon?Y1 HTTP/1.1 User-Agent: ApplicGate/9.0.6976.37749 SRV0 Content-Length: 273 Function;RuleID;GatewayIP2;DestinationIP;DestinationPort;Expiration;Type;UID;Comment;eMail autologon;Y1;forward;srv1@test.com:X1;53322;~;TTL:6,SSLTARGET:srv1.test.com,SSLCC:srv0@test.com.cer,RETRY:2;Z100.1a;autologon via forward; incoming;Y1;status;*;*;*;LGD;Z101;Status; =======================SRV1: Accept logon ========================================================================== 10: Client successfully authenticated, SslProtocol: Tls12 10: Remote cert was issued to E=srv0@test.com, CN=srv0, O=Test and is valid from 01/02/2019 20:15:47 until 01/02/2022 20:25:46 10: Remote cert was issued by CN=TestCA, O=Test 10: EmailName: srv0@test.com, userPrincipalName: srv0@test.com 10: received: GET /reverselogon?Y1 HTTP/1.1 User-Agent: ApplicGate/9.0.6976.37749 SRV0 Content-Length: 273 Function;RuleID;GatewayIP2;DestinationIP;DestinationPort;Expiration;Type;UID;Comment;eMail autologon;Y1;forward;srv1@test.com:X1;53322;~;TTL:6,SSLTARGET:srv1.test.com,SSLCC:srv0@test.com.cer,RETRY:2;Z100.1a;autologon via forward; incoming;Y1;status;*;*;*;LGD;Z101;Status; 10: set TTL to 6 10: sending... HTTP/1.1 200 Login Accepted Server: ApplicGate/9.0.6976.37749 SRV1 Content-Length: 9 Rules: Y1 =======================SRV0: Receive acceptance ==================================================================== *2019-02-07 19:35:26.579* 900: ReadCallbackAutologon: HTTP/1.1 200 Login Accepted Server: ApplicGate/9.0.6976.37749 SRV1 Content-Length: 9 Rules: Y1 $$$$$$$$$$$$$$$$$$$$$$$$$ Data Link $$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$ =======================SRV1: Start data link ======================================================================= 11: New incoming TCP connection 2019-02-07 20:35:16 ; SourceIP: 10.20.3.3 SourcePort: 53326 GatewayIP: 10.20.1.2 GatewayPort: 777 11: RtID:5 accepted 11: Processing forward entry, DestinationIP: srv0@test.com:Y1 10: sending... Link11+Y1 SourceIP;GatewayIP;GatewayPort;logonUser;IssuerOfLogonCertificate 10.20.3.3;10.20.1.2;777;; =======================SRV0: Receive link request and and request a new link via forward =========================== 900: ReadCallbackAutologon: Link11+Y1 SourceIP;GatewayIP;GatewayPort;logonUser;IssuerOfLogonCertificate 10.20.3.3;10.20.1.2;777;; 900: Open new autologon session .... 902: RtID:4 2019-02-07 19:35:39 autologon starting ... 902: RtID:4 accepted 902: Processing forward entry, DestinationIP: srv1@test.com:X1 902: Copy original remote info: 10.20.3.3;10.20.1.2;777;; 24: sending... Link902+X1 SourceIP;GatewayIP;GatewayPort;logonUser;IssuerOfLogonCertificate 10.20.3.3;10.20.1.2;777;; =======================SRV1: Receive link request and start autologon ============================================== 1: ReadCallbackAutologon: Link902+X1 SourceIP;GatewayIP;GatewayPort;logonUser;IssuerOfLogonCertificate 10.20.3.3;10.20.1.2;777;; 1: Open new autologon session .... 12: RtID:2 2019-02-07 20:35:16 autologon starting ... 12: Connect to 10.10.1.1 port 443 12: Connection successful 12: ConnectCallback Setup SSL as client.. 12: Server successfully authenticated, SslProtocol: Tls12 12: Sending ... GET /newlink?Link902+X1 HTTP/1.1 User-Agent: ApplicGate/9.0.6976.37749 SRV1 12: mapping to incoming entry RtID:4 12: RtID:4 accepted 12: Waiting for reverselogon data.. 12: NewConnection2-reverselogon-BeginAuthenticateAsServer-SSLoverSSL.. =======================SRV0: Accept link request and map to incoming ============================================== 903: New incoming TCP connection 2019-02-07 19:35:39 ; SourceIP: 10.20.1.1 SourcePort: 53327 GatewayIP: 10.10.1.1 GatewayPort: 443 903: RtID:2 accepted 903: Client successfully authenticated, SslProtocol: Tls12 903: Remote cert was issued to E=srv1@test.com, CN=srv1, O=Test and is valid from 1/7/2019 7:01:20 PM until 1/7/2021 7:11:20 PM 903: Remote cert was issued by CN=TestCA, O=Test 903: EmailName: srv1@test.com, no userPrincipalName found. 903: Waiting for reverselogon data.. 903: received: GET /newlink?Link902+X1 HTTP/1.1 User-Agent: ApplicGate/9.0.6976.37749 SRV1 903: reverselogon StateObject removed, sessions linked to ID 902, 2019-02-07 19:35:39 902: ReadCallbackReverseLogon Setup SSL as client using existing SSL stream.. 902: Server successfully authenticated, SslProtocol: Tls12 902: Sending ... GET /newlink?Link11+Y1 HTTP/1.1 User-Agent: ApplicGate/9.0.6976.37749 SRV0 902: mapping to incoming entry RtID:5 902: RtID:5 accepted 902: Waiting for status request.. =======================SRV1: Map link to original one ============================================================= 12: Client successfully authenticated, SslProtocol: Tls12 12: Remote cert was issued to E=srv0@test.com, CN=srv0, O=Test and is valid from 01/02/2019 20:15:47 until 01/02/2022 20:25:46 12: Remote cert was issued by CN=ApplicGate Test CA, O=ApplicGate Network Security 12: Warning: SERIALNUMBER/GID not found! 12: EmailName: vm1.rsp@applicgate.com, userPrincipalName: vm1.rsp@applicgate.com 12: received: GET /newlink?Link11+Y1 HTTP/1.1 User-Agent: ApplicGate/9.0.6976.37749 VM1 *2019-02-07 20:35:17.091* 12: reverselogon StateObject removed, sessions linked to ID 11, 2019-02-07 20:35:17 =======================SRV0: Receive first data =================================================================== *2019-02-07 19:35:39.748* 902: ReadCallbackSt: main *2019-02-07 19:35:39.748* 902: Sending status..
|
reinhold.leitner@applicgate.com (C) December 2024 www.applicgate.com |