Important note about SSL VPN compatibility for 20.0 MR1 with EoL SFOS versions and UTM9 OS. Learn more in the release notes.

This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

HTTPS scanning mobile devices

I am trying to enable HTTPS decyrption and scanning for mobile devices in my network. I not sure what i am doing wrong but when i enable HTTPS scanning in the firewall rule browser traffic works fine. Able to go to google and keywords/content filter works and blocks/warns as expected. However apps on the devices like google play store apple store and others stop functioning. 

I have a chromebook and a iphone in my test firewall rule and both of them are showing the same symptoms. I have added exceptions in the exeptions tab for play.google.com, youtube etc. however when https scanning is enabled in the rule these apps stop working, as soon as i untick the checkmark they start functioning again, but of course then the google searches for keywords or content filtering then stop working. 

Someone please point me in the right direction here to get this working correclty on mobile devices, Android, apple, chromebooks



This thread was automatically locked due to age.
Parents
  • You've probably realised this already, but phone apps behave very differently from a browser accessing the same sites on the same device. I'm not sure if it's because the Apps rely more on certificate pinning or just ignore the local certificate store but I've had to create long lists of exceptions for BYOD type environments that have HTTPS scanning enforced.

     

    It makes me sad :(

  • Yes i have realized this. And i realized it before i posted here. This post and responses was to ensure i was not going crazy and that i wasnt missing something. Thank you all for your help and for saving my sanity. 

    Now i get to go undo my sanity by watching logs to create exceptions

  • Mobile devices are a pain for firewall administrator.

    Had a discussion with a customer lately. He had a device, which causes couple of ATP alerts. 

    It was nearly impossible to find the cause of this alerts. (Which App?). 

    And HTTPs Inspection for mobile is another issue.

    __________________________________________________________________________________________________________________

Reply
  • Mobile devices are a pain for firewall administrator.

    Had a discussion with a customer lately. He had a device, which causes couple of ATP alerts. 

    It was nearly impossible to find the cause of this alerts. (Which App?). 

    And HTTPs Inspection for mobile is another issue.

    __________________________________________________________________________________________________________________

Children
No Data