
Cloudflare protected Websites disconnects when Sophos Firewall TLS Decryption is enabled

Hello all,

I have the issue that some websites like https://www.mediamarkt.de, https://www.poco.de and https://moemax.de

are disconnecting the TCP stream when our Sophos Firewall is running TLS decryption against them.

Once TLS decryption is turned off, the websites work fine.

Since the interruption comes from the Cloudflare server, there are no errors in the TLS log of the Sophos Firewall.

So it is not possible to fix the errors via the TLS Error Overview.

To my understanding the only way to get things working is to exclude the affected FQDNs from decryption.

But which sites must be tested manually?

Does anyone know a more secure solution, or at least the parameters for creating a custom application category for all sites protected by Cloudflare?



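One way to find candidate FQDNs for the decryption exclusion the question asks about is to resolve each hostname and check whether its addresses fall inside Cloudflare's published IP ranges. This is an added example, not code from the thread or from Sophos; the `resolve()` helper and the sample hostnames are assumptions, and the three CIDR entries are only a sample of Cloudflare's list, which must be refreshed from the source before use.

```python
import ipaddress
import socket

# Sample entries from Cloudflare's published IP list (https://www.cloudflare.com/ips/).
# The list changes over time; load the current version before relying on the result.
CLOUDFLARE_RANGES = [ipaddress.ip_network(n) for n in (
    "104.16.0.0/13", "172.64.0.0/13", "2606:4700::/32",
)]


def is_cloudflare_ip(addr: str, ranges=CLOUDFLARE_RANGES) -> bool:
    """True if addr (IPv4 or IPv6) falls inside any of the given networks."""
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in ranges)


def classify(resolved: dict, ranges=CLOUDFLARE_RANGES) -> dict:
    """Map each FQDN to True when at least one of its addresses is Cloudflare-fronted.

    resolved: {fqdn: [ip, ...]}, e.g. from resolve() or an exported DNS log.
    """
    return {fqdn: any(is_cloudflare_ip(a, ranges) for a in addrs)
            for fqdn, addrs in resolved.items()}


def exclusion_candidates(resolved: dict, ranges=CLOUDFLARE_RANGES) -> list:
    """Sorted FQDNs to review for a TLS-decryption exclusion rule."""
    return sorted(f for f, hit in classify(resolved, ranges).items() if hit)


def resolve(fqdns):
    """Live A/AAAA lookup (hypothetical helper); not used by the offline sample below."""
    out = {}
    for f in fqdns:
        try:
            out[f] = sorted({ai[4][0] for ai in socket.getaddrinfo(f, 443)})
        except socket.gaierror:
            out[f] = []
    return out


if __name__ == "__main__":
    # Constructed sample: addresses chosen to land inside or outside the ranges above.
    sample = {
        "shop.example": ["104.18.2.1"],       # constructed, inside 104.16.0.0/13
        "intranet.example": ["192.0.2.10"],   # constructed, outside all ranges
        "v6.example": ["2606:4700:1::1"],     # constructed, inside 2606:4700::/32
    }
    for fqdn in exclusion_candidates(sample):
        print(fqdn)
```

Being fronted by Cloudflare does not by itself mean a site will break under decryption, and every exclusion removes inspection coverage for that host, so the output is a review list rather than something to apply as-is.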
  • No problems here and no special settings. Did you import the CA certificate used into your computers' trusted root CA store?


    Managing several Sophos firewalls both at work and at some home locations, dedicated to continuously improve IT-security and feeling well helping others with their IT-security challenges.

  • Hello,

    thanks for testing the URL.

    You might have misunderstood the issue, or I did not explain it well: there is no problem with the CA root certificate.

    A CA error would give an error message from the browser.

    The website loads the homepage, then we click on a category like in the screenshot below, and a customized error message from the Cloudflare network appears.

    I have tracked it down a little bit; it works in Firefox with no issues.

    The latest Microsoft Edge has the problems, even after resetting the browser completely.

    Same behaviour with the latest Opera.

    I think it has to do with the way the browsers fetch the root CAs; Firefox uses another way to do this.

  • Yes, the same happens here; tried with Edge, Chrome and the Brave browser and all show the same error. However, after the error shows I can click on reload and the requested page does show. I have no Firefox installed to try.

    This is strange and I don't know how/what can be done about it.

