This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

HTTPs Scanning UTM 9

Hi everyone,

 

I am writing you, because I cannot setup properly Https scanning (Decrypt and Scan in Filter transparent mode) with this option Sophos decrypt and scan all HTTPS traffic, I want to make a list of exception when traffic will go without decrypt and scan. First of all I configured and turn on  Decrypt and Scan in Filter transparent mode on and made changes in settings Filter Option --> Misc --> Nets or Skip Transparent Mode Destination Hosts and added DNS host example *.bloomberg.com and common bloomberg.com, but it did not help me the sophos continue to scan https traffic. Could you tell me what I am doing wrong?

 

Thank you in advance.



This thread was automatically locked due to age.
  • Sveiki Vladimir and welcome to the UTM Community!

    Please show a line from the Web Filtering log where the Proxy was not skipped.  Also pictures of the Edits of the configuration you hoped would cause the traffic to skip the Proxy.

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • Error Web Filtering Log: Sophos Machine httpproxy[5522]: id="0003" severity="info" sys="SecureWeb" sub="http" request="(nil)" function="read_request_headers" file="request.c" line="1621" message="Read error on the http handler 104 (Input/output error)"

     

    At the beginning I did the following: I turned on Decrypt and scan Transparent mode and added website Skip Transparent Mode Destination Hosts, unfortunately it did not help. So, I decided to add websites to exception list Filter Options-->exceptions and exclude ssl scanning. Now everything works fine.Trusted websites is not scanned by Sophos

    But there is additional issue, where can I get worldwide trusted websites (Banks,Government websites and added it to list), because it will take a lot of time to add 100 websites in list. 

  • Have you read my post "Troubleshooting Web Filtering"?

    You did not distribute the UTM CA certificate.

  • Ofcouse, I red troubleshoot Web Filtering twice. Even more, the root of the problem is not in the CA UTM certificate, because my idea is in bypass ssl scanning for particular websites such as banks and government. In other words when you goes to website https://bloomberg.com the original certificate should not be changed to UTM CA certificate and bypass ssl scanning. This was the main problem. I can easily implement certificate to Trusted Root Certification Authorities, but I do not want to make Man in the middle  attack  for websites in my list. 

    From my point of view there is only one way add websites to Filter Options --> Exceptions --> Https scanning in this case you will avoid ssl scanning from the website  list, but there is one thing how to upload 100 trusted worldwide websites and do not input it manually. 

     

    Thanks everyone for support. I will implement CA UTM certificate later via GPO. 

  • I'm a bit confused by your pictures and log line.  We don't see alibaba referenced in the log line.  Your picture shows the middle of adding a DNS Host to the Skiplist (did you Save and Apply?), but this is for aliexpress.com instead of alibaba as you have in your Exception.

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • I am carry about security and cannot show you all my settings,on the picture available only key idea, but not step by step manual. Yes I saved it and applied it. If you want to skip ssl scanning for particular website you will need to setup Filter Options-->Exceptions and ofcouse add the CA UTM certificate to trusted root certification on Workstation machines. In this case the websites in exception will be not scanned by UTM and all others will be. 

    I will repeat it is very difficult to add website to exception list one by one manually, if you have list 100 webpages. Unfortunately, I did not find any worldwide trusted domain which I can simply import. 

     

  • I usually add the Finance/Banking, Health and Pharmacy categories to my exception so that there are very few other individual sites that must be added.  If you have a list of the domains you'd like to add to your Exception, see if most don't already belong to a trusted category: http://www.trustedsource.org/en/feedback/url?action=checksingle.  From that link you also can sign up for a free account that allows you to submit text lists of up to 100 domains at a time.

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • A lot of thanks for your assistance, you save me a lot of time. I hope I do everything right.

    I found the starting Luminor page in Latvia, is in wrong category of filter ( Marketing/Merchandising) should be - Finance/Banking. It is a reason why a prefer to do my own list of trusted websites. 

     

    Thank you everyone for support. 

     

  • You can do a list all at once.   Here is the process:

    • Prepare your list.   You probably want to use domains (example.com), not host names (www.example.com), as you want to exempt the organization.
    • Go to Web Protection.. Filtering Options... Websites.
    • Click the [New] button
    • Paste in your list of domains.   Ensure to check the box for "Include Subdomains"
    • In the Website Tags box, create a new tag for "HTTPS Scanning Bypass" and verify that it appears in your selected tags list.
    • Save your changes.
    • (This will actually create one object for each entry in the list, but you get to create them all at once.)
    • Go to Web Protection... Exceptions...
    • Create a new exception
    • Check the box to exclude SSL Scanning
    • At the bottom, choose "Going to websites tagged as".   Use the folder icon to select the "HTTPS Scanning Bypass" tag that you created earlier.
  • Thank you. I like this approach.  I will try to create Filtering Options-->Websites and check it.