Thread Info
  • State Suggested Answer
  • Locked Locked
  • Replies 5 replies
  • Answers 1 answer
  • Subscribers 5 subscribers
  • Views 9331 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Web Protection / Web Filtering not working on Windows clients

cmp828

Hello,

I am working with the web filtering / HTTPS scanning. When I import the certificate my Linux / Ubuntu computers work just fine. Chrome and Mozilla work just fine with the HTTPS scanning. But loading the cert on Windows and HTTPS pages do not work or are not formatted right and much of the page data is missing. USA Today is my test example I use to test https site with the filtering.

 

Running UTM ver 9.506-2

 

under Web Protection, Filtering Options I click on the HTTPS CAs and I click on the Download button to get my certificate that I am to load on all the clients / computers on my home network.

 

I am using basically factory defaults for rules and the filters. I basically just enabled web filtering and grabbed the certificate.

Under Web filtering on the Global tab I am using Transparent mode.

Policies Tab just has the Base Policy enabled and no others.

After importing the certificate into my two Ubuntu machines, they work fine, I assume on the windows computers it is not being uploaded in the right spot?

I did find some previous related posts to help me set up the filtering and get the certificate downloaded and installed, but did not find any real specific to address what I experience on Windows.

Running IE as Administrator I did install the cert into Trusted Root Certifaction Authorities and windows did say import successful, yet USA Today site is messed up.

When importing the cert I did try 4 options on import.

Current User and Local machine.

For each choice I loaded the certificate, first letting it decide where to install it and then the second time I said put it into Trusted Root Certifaction Authorities .

This was done for both current  user and local machine.

Still no luck. Am I missing something obvious in Windows?

All my computers are in workgroup mode. No domain controllers or AD.

 

Ideas / suggestions to try or is there a better global location to install the certificate under?

 

Chad



This thread was automatically locked due to age.
Parents
  • 0

    Formatting problems imply timing issues, not certificate problems.   Reloadung the page usually resolves the problem.  In my experience, this problem is rare, but it may depend on your UTM hardware and network speed.

    Edge browser will not display certificate details (bad move Microsoft), but other browsers will.   In IE use file...properties, then certificate button.  In Chrome, use menu... Tools...developer tools... Security tab... certificate button.   In either case, you should see a certificate chain back to your utm-issued root.  Don't remember details for Firefox.

    Some sites are funky and may need an antivirus exception or a https scanning exception or even a complete proxy bypass.

    But before lowering your security posture, check the web filter logs and the intrusion prevention logs to see if any content is being blocked.  If they have no clues, decide whether the site is essential enough and trusted enough to weaken your security posture by granting an exception.

Reply
  • 0

    Formatting problems imply timing issues, not certificate problems.   Reloadung the page usually resolves the problem.  In my experience, this problem is rare, but it may depend on your UTM hardware and network speed.

    Edge browser will not display certificate details (bad move Microsoft), but other browsers will.   In IE use file...properties, then certificate button.  In Chrome, use menu... Tools...developer tools... Security tab... certificate button.   In either case, you should see a certificate chain back to your utm-issued root.  Don't remember details for Firefox.

    Some sites are funky and may need an antivirus exception or a https scanning exception or even a complete proxy bypass.

    But before lowering your security posture, check the web filter logs and the intrusion prevention logs to see if any content is being blocked.  If they have no clues, decide whether the site is essential enough and trusted enough to weaken your security posture by granting an exception.

Children
  • 0 in reply to DouglasFoster

    Thank you, I will try the exceptions, for USA Today News site. I am sure I can trust that to a little bit more. I will experiment with some other web sites. Pressing reload does not fix it. I have tested on the Windows machines, in IE, the new Windows 10 browser app, Chrome, and  Mozilla and all do the same on Windows.

    My web site on GoDaddy uses self signed and I believe it worked fine on the Windows side. I don't know to many HTTPS sites off hand to test with. I have a core duo 3Ghz CPU and 4 gigs ram for the UTM computer. CPU load is less than 20% and only using about 40% of the 4 gigs. So UTM is not being bogged down. I have "up to" 150 meg cable modem download speed so I feel it is not the Internet connection. Again, comparing the Windows 10 VM and my Ubuntu Desktop with Mozilla, the Website is correct and works fine on the Linux side, just something in  / on the Windows side.  I will check a few more things and try some experimenting, on call this week so don't want to mess up home network and break VPN abilities to work. At least with web filter it is one switch to turn on or off.

     

    Thank you very much for your thoughts and suggestions to look further into. I just figure if it works in Linux, it should work on Windows. But issue just seems to be on the Windows machines only.

     

    Chad

  • 0 in reply to cmp828

    Just tested that site with Standard Mode using Chrome and Transparent Mode using IE 10, both with https decrypt-and scan enabled (and verified using the process I described).   Both tests displayed normally for me.  But I have a high-end UTM appliance and a synchronous internet connection.

      

  • 0 in reply to DouglasFoster

    Thank you, for testing against your configuration. I know news sites and many others pull content from all over from other sites and things. I am sure I just make an exception to USA Today and all will be fine.  I will be working more on the UTM in the next week or two. The HTTPS scanning was the first goal I had, next will be setting back up my HTML5 VPN connections, then getting all my Vlans configured.  I know when I tested my HTTPS website on GoDaddy it appeared to work fine, so like you say, the old dual core 3ghz unit I am running on and the Cable modem connection might be an issue, at least on the Windows side, but all works well and Wonderful on the Linux side. And it is the Linux side that I do 95% of all my work on. As far as guests or doing any serious web surfing on a windows machine, no so much for me. SO I might just turn it back on and run with it since all my Linux systems do well. And as long as I can patch and update Windows and Linux without issues, I am good to go. Again thank you very much for checking USA Today against your configuration.

    Chad

  • 0 in reply to cmp828

    I just had the formatting problems that caused your original question.   At site was blocked by my Country Blocking rules.   I created a url filtering exception so that it would not be blocked, but then it was formatted incorrectly.   After checking the logs, I realized that there was an embedded site reference that also needed an exception.   Once both the master site and the subsidiary site were both unblocked, the page displayed perfectly.

    So the problem may have more to do with dependent pages being blocked and less to do with timing issues.

Unfiltered HTML