This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Akamai Services - "Can't connect to the server"

Hello,

 

in our company we are using a software that uses Akamai Services to download the latest exchange rates.
Unterfortunately the Web Appliance seems to block this service. I already tried to Whitelist the server, where it is downloading them from, but it didn't help.

I can't find a way to whitelist a Akamai Service in specific. Can you please help me with this?



This thread was automatically locked due to age.
Parents
  • Hi Rick1231

    It's probably not possible to resolve this via the forums, the applaince is only a web proxy and should only process traffic from one of the supported browsers (ie, no applications, pdf machines or any infrastructure)  supported-devices   The recommended solution is to bypass the appliance.

     

    However:

    You could try testing the site and dumping the sophos_log file to a syslog file and see InterpretingLogFiles

    this would allow you to view every single packet and see the actual requests (you may need to add all of them to the local site list as trusted to avoid scanning)

     

    other considerations:

    ensure all of the sites are set to trusted

    check policy for categories set to "warn" and change them to allow or block

    disable authentication for the workstation and make sure "authenticate all requests" is  NOT checked off if deployed in explicit

    ensure traffic is not forked or using ports other than 80/443 . If you are using a redirection device such as wccp the redirection device may not see it as web traffic and send it out the gateway. 

    if the site is https:

    add the site to https scanning exemptions

    add the site to certificate validation exemptions

    check the site on ssllabs anything lower than a C+ will probably fail.

Reply
  • Hi Rick1231

    It's probably not possible to resolve this via the forums, the applaince is only a web proxy and should only process traffic from one of the supported browsers (ie, no applications, pdf machines or any infrastructure)  supported-devices   The recommended solution is to bypass the appliance.

     

    However:

    You could try testing the site and dumping the sophos_log file to a syslog file and see InterpretingLogFiles

    this would allow you to view every single packet and see the actual requests (you may need to add all of them to the local site list as trusted to avoid scanning)

     

    other considerations:

    ensure all of the sites are set to trusted

    check policy for categories set to "warn" and change them to allow or block

    disable authentication for the workstation and make sure "authenticate all requests" is  NOT checked off if deployed in explicit

    ensure traffic is not forked or using ports other than 80/443 . If you are using a redirection device such as wccp the redirection device may not see it as web traffic and send it out the gateway. 

    if the site is https:

    add the site to https scanning exemptions

    add the site to certificate validation exemptions

    check the site on ssllabs anything lower than a C+ will probably fail.

Children
No Data