Important note about SSL VPN compatibility for 20.0 MR1 with EoL SFOS versions and UTM9 OS. Learn more in the release notes.

Thread Info
  • State Verified Answer
  • Locked Locked
  • Replies 5 replies
  • Answers 1 answer
  • Subscribers 40 subscribers
  • Views 3421 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Cert Error for Web Block Page

David Ashcroft

For BYOD we are not planning on forcing users to download the Sophos Cert, we are not performing any HTTPS packet inspection on our wireless networks so users should just be able to connect and browse. This appears to be working without issues apart from one thing.

We are still blocking some categories such as gambling, pornography etc. These sites are being blocked successfully, however instead of displaying the block page, it just comes up a certificate error. Is thee any way of getting the block page to show without having the Sophos Cert installed on the end user devices?

This is not a problem for our corporate network since we have the Sophos Cert pushed out via GPO, so everything displays correctly.



This thread was automatically locked due to age.
Parents
  • FormerMember
    0 FormerMember

    Hi David Ashcroft,

    If you are blocking a category such as Gambling and a user goes to https://www.pokerstars.com/ then you want that web request to be blocked. The web proxy sees that the client is trying to go somewhere they should not and wants to display a block page. In order to do so, they need to do man-in-the-middle decryption so that it can insert a block page that pretends to be www.pokerstars.com.

    Check out this KBA for more detail : HTTPS Decrypt and Scan FAQ.

    Thanks,

Reply
  • FormerMember
    0 FormerMember

    Hi David Ashcroft,

    If you are blocking a category such as Gambling and a user goes to https://www.pokerstars.com/ then you want that web request to be blocked. The web proxy sees that the client is trying to go somewhere they should not and wants to display a block page. In order to do so, they need to do man-in-the-middle decryption so that it can insert a block page that pretends to be www.pokerstars.com.

    Check out this KBA for more detail : HTTPS Decrypt and Scan FAQ.

    Thanks,

Children
Unfiltered HTML