We have been seeing some reports lately of users having problems logging into the Conceptual Energy Analysis (CEA) tool when connected to their networks. To use CEA through proxy servers with Authentication enabled, enable access to the following URLs in the proxy without Proxy Authentication (anonymous access through the proxy):
*.autodesk.com
*.google-analytics.com
*.cloudfront.net
For example, the following screenshots illustrate the rule on a proxy server (Microsoft ISA proxy) to enable All Users to Autodesk CEA sites without authentication:
In addition, here are some other related questions & answers:
Why can’t we use IPs for the firewall rules?
The Single Sign-On solution from Autodesk takes advantage of Akamai for network route optimization. Because the Akamai network has many (1000s) of edge nodes which change over time, it is not advisable to filter based on IP addresses. If filtering is required, then it should be done by URL (*.autodesk.com).
Why should we enable special rules in the proxy server for certain URLs?
Some components within CEA don’t send authentication information to the proxy server; hence an exception rule is required on the proxy to enable these communications anonymously.
Should we enable the proxy server within Conceptual Energy Analysis?
If Internet Explorer is configured to use the proxy (either manually or automatically), then Conceptual Energy Analysis will use the same proxy settings.
What if we don’t use proxy servers and access the control list directly on the firewall?
If the rules can be added with DNS names you could use the above mentioned URLs to allow the traffic.
Special thanks to Autodesk's Hashim Mundol for this great CEA information!
Comments