
Cloudflare protected Websites disconnects when Sophos Firewall TLS Decryption is enabled

Hello together,

I have the issue that some websites like https://www.mediamarkt.de , https://www.poco.de , https://moemax.de

are disconnecting the TCP stream when our Sophos Firewall is running TLS decryption against them.

Once the TLS decryption is turned off, the websites work fine.

Since the interruption comes from the Cloudflare server, there are no errors in the TLS log of the Sophos Firewall.

So it is not possible to fix the errors via the TLS Error Overview.

For my understanding, the only way to get things working is to exclude the affected FQDNs from decryption.

But which sites must be tested manually?

Does anyone know a more secure solution, or at least the parameters for creating a custom application category for all sites protected by Cloudflare?



  • No problems here and no special settings. Did you import the used CA certificate to your computers' trusted root CA store?


    Managing several Sophos firewalls both at work and at some home locations, dedicated to continuously improve IT-security and feeling well helping others with their IT-security challenges.

  • Hello,

    thanks for testing the URL.

    You might have misunderstood the issue, or I did not explain it well: there is no problem with the CA root certificate.

    A CA error would give an error message from the browser.

    The website loads the homepage; then we click on a category like in the screenshot below, and a customized error message from the Cloudflare network appears.
</gml_replace>
<gr_replace lines="46" cat="clarify" orig="Latest Microsoft">
    Latest Microsoft Edge has the problems, even after resetting the browser completely.

    I have tracked it down a little bit, it works in Firefox with no issues.

    Latest Microsoft Edge has the Problems, even after resetting the Browser complete.

    Same behaviour with latest Opera.

    I think it has to do with the way the browsers fetch the root CAs; Firefox uses another way to do this.

  • Yes, same happens here; tried with Edge, Chrome and Brave browser and all show the same error. However, after the error shows I can click on reload and the requested page does show. I have no Firefox installed to try.

    This is strange and I don't know how/what can be done about it.


    Managing several Sophos firewalls both at work and at some home locations, dedicated to continuously improve IT-security and feeling well helping others with their IT-security challenges.

  • I do not know the cause. With additional logging on I cannot see anything produced by the XG that would cause this.

    I think it is related to the requests to /api/graphql
    In Chrome with HTTPS not decrypted = return code 200/304
    In Firefox with HTTPS decrypted = return code 200/304
    In Chrome with HTTPS decrypted = return code 403

    The 403 is being returned by the webserver; it is not something from the XG. I have confirmed we are not modifying the headers.

  • Well, I had the same experience and I have also seen nothing in the logs of different Sophos Firewalls.

    When I have time this weekend I will capture some Wireshark logs with comments and try to contact Cloudflare.

    Maybe you have an internal contact at Cloudflare? The problem is surely to get someone in Cloudflare support who understands the problem.

  • We have no contacts with CloudFlare.