Installation of appliance certificate on iPad Air (2019) running iPadOS 13.3

I have been trying to get HTTPS scanning implemented on my home network. So far, by using Sophos Network Agent, I have been able to get it functioning on my Win10 devices (laptops) and my Android devices but am struggling to get it working on my iPad, though have (sort of) been able to get it working on my iPhone 6. Specifically, on my iPad I can't seem to find a way to install the appliance scanning certificate into Sophos Network Agent (SNA).

I tried downloading the certificate from http://passthrough.fw-netcacert.pem as mentioned in the final post here https://community.sophos.com/products/unified-threat-management/f/web-protection-web-filtering-application-visibility-control/46800/deploy-https-certificate-to-ios but got nowhere.

After some digging around I found this post https://community.sophos.com/products/xg-firewall/f/web-protection/108583/import-securityappliance_ssl_ca-into-ios-devices and worked out that I need to use Safari to download the scanning certificate from the user portal to my device, as described here https://community.sophos.com/kb/en-us/123755

So far so good, but having gotten the certificate on my iPad I find I am then unable to open the certificate in SNA. If I perform a long click on the certificate via there is no option to open it in SNA. This post https://community.sophos.com/products/xg-firewall/f/web-protection/108583/import-securityappliance_ssl_ca-into-ios-devices talks about downloading the certificate directly from my device, and renaming it to perform the install, but in my install of 17.5 MR9 I have no option to download directly from the device:

Scratch that idea then.

Returning to the knowledge base / community forums I found these posts re appliance certificates in iOS 13:

https://community.sophos.com/products/xg-firewall/f/intrusion-prevention/115171/ssl_scanning_certificate-not-accepted-under-ios-13?pi2151=1#pi2151=2

https://community.sophos.com/products/unified-threat-management/f/web-protection-web-filtering-application-visibility-control/115345/issue-with-ios-13-mac-os-10-15-ssl-certificate-requirements-for-transparent-proxy?pi2353=2

If I follow the iOS app link on the KB123755 page from my laptop, I get to the app store preview page which has the following comment on a 1 star review (curiously doing the same from my iPad / iPhone there are no reviews at all so I can't see if there are any more up-to-date comments):

So it seems Apple (as is their wont) made some changes which stopped the installation of certificates; though apparently this was fixed for iOS 13 in 17.5 MR9.

I think I have gone as far as I can in trying to work out how to install my appliance certificate on my iPad. My sense of what I have found online and read is that Apple made some changes, broke things and whilst a fix has been issued in 17.5 MR9 for iOS 13.x that either doesn't apply to iPadOS 13.x or didn't fix it.

Is there currently any way to install the appliance certificate into SNA for my iPad? Is this a known issue and is there a fix coming? What about V18? Has this been resolved in EAP3 / will it be resolved before going to GA?

Seems my current options are to either have my device bypassed from HTTPS scanning (and / or maybe find a device level filter I can apply) or to effectively block my iPad from the internet at home. Neither of which are ideal.

Can anyone help?

Matt

 

Devices: 

Sophos XG 17.5 MR9, Home license, 4GB RAM

2 x win10 laptops (V 1909)

1 x Samsung S3 tablet (Android 8.1)

1x Samsung Note 9 (Android 9)

1 x Apple iPad Air (2019), iPadOS 13.3

1 x iPhone 6 (iOS 12.4.4)

1 x iPhone X (iOS 13.x)

 


