Thread Info
  • State Suggested Answer
  • Locked Locked
  • Replies 3 replies
  • Answers 2 answers
  • Subscribers 15 subscribers
  • Views 5486 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Sophos Enpoint Central couldn't install with https filtering active

BENOITLORAND

Hello all,

 

I'm having an issue into a customer office. I have a Sophos UTM 9 with https decrypt and scan active. When I want to install Sophos Endpoint Central, many connections to https://52.16.36.153/ or other ip (https://52.213.87.124/, https://54.77.141.191/) who are protected by SSL certificate *.prod.hydra.sophos.com

Same constatation with https://87.248.214.67/ or https://178.79.251.10/ who are protected by ssl certificate downloads.sophos.com

 

So the certificate doesn't match to the url, and UTM deny connections.

 

How can i install Sophos Endpoint Central with https scanning active ?

 

Best regards,

Benoit



This thread was automatically locked due to age.
Parents
  • 0

    HI BENOITLORAND, 

    You may need to exclude in HTTPS scanning exceptions, 

    [A-Za-z0-9.-]*-wdx-[A-Za-z0-9.-]*\.broker\.sophos\.com/
    ^[A-Za-z0-9.-]*\.cwg\.sophos\.com/
    ^[A-Za-z0-9.-]*\.hydra\.sophos\.com/
    ^[A-Za-z0-9.-]*\.mojave\.net/
    ^[A-Za-z0-9.-]*\.upe\.p\.hmr\.sophos\.com/
    ^mcs[0-9]*-[A-Za-z0-9]{4}-d\.broker\.sophos\.com/
    ^mcs[0-9]*-[A-Za-z0-9]{4}\.broker\.sophos\.com/
     
    Bypass for 
    HTTPS Decryption
    Malware Scanning
    Sandstorm
    Policy Checks

    Regards,

    Aditya Patel
    Global Escalation Support Engineer | Sophos Technical Support
    Knowledge Base  |  @SophosSupport | Sign up for SMS Alerts
    If a post solves your question use the 'This helped me' link.

  • 0 in reply to Aditya Patel

    There is also an issue with mismatched certificates. Our clients are using the following preferred server:

    https://foo.example.sophos.com/

    However, the web server is using a wildcard cert for *.prod.hydra.sophos.com

    This has halted automated installs of Windows since we have to manually intervene by opening the above URL in IE and accepting the certificate. Adding the URL or *.sophos.com to our trusted sites list does not make it go away. Previously installed clients are getting policy from an update server on our LAN but new installs are failing or taking considerably longer than usual to complete -- often with manual intervention as above but then still waiting a long time for the encryption and other policies to be received. Please advise on whether this is an ongoing issue. I have opened case # 7066879 but only this morning after waiting two days for my SophosID to start working again.

  • 0 in reply to gdriggs

    HI gdriggs, 

    After excluding the URLS the certificate should not be an issue . It will allow it and opening via Browser will not help unless you are testing the certificate is of XG or others

    Regards,

    Aditya Patel
    Global Escalation Support Engineer | Sophos Technical Support
    Knowledge Base  |  @SophosSupport | Sign up for SMS Alerts
    If a post solves your question use the 'This helped me' link.

Reply Children
No Data
Unfiltered HTML