Important note about SSL VPN compatibility for 20.0 MR1 with EoL SFOS versions and UTM9 OS. Learn more in the release notes.

Thread Info
  • State Suggested Answer
  • +1 person also asked this people also asked this
  • Locked Locked
  • Replies 6 replies
  • Answers 1 answer
  • Subscribers 42 subscribers
  • Views 4002 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Cloudflare protected Websites disconnects when Sophos Firewall TLS Decryption is enabled

Markus Heilgemeier

Hello together,

i have the issue that some Websites like https://www.mediamarkt.de , https://www.poco.de , https://moemax.de 

are disconnecting the TCP Stream when our Sophos Firewall is running TLS Decryption against them.

Once the TLS Decryption is turned off Websites works fine.

Since the interruption comes from Cloudflare Server theres is no Errors in TLS Log of Sophos Firewall.

So it is not possible to fix the errors about the TLS Error Overview.

For my understanding the only way to get things work is to excluce the affected FQDNs from Decryption.

But which sites must be tested manually Disappointed

Does anyone know an more secure Soluton or at least the parameters for creating an custom application category for all Sites protected by cloudflare?



This thread was automatically locked due to age.
Parents
  • 0

    I do not know the cause.  With additional logging on I cannot see anything produced by the XG that would cause this.

    I think it is related to the requests to /api/graphql
    In Chrome with HTTPS not decrypted = return code 200/304
    In Firefox with HTTPS decrypted = return code 200/304
    In Chrome with HTTPS decrypted = return code 403

    The 403 is being returned by the webserver, it is not something from the XG.  I have confirmed we are not modifying the headers.

  • 0 in reply to Michael Dunn

    Well i had the same experience and i have seen also nothing in the Logs of different Sophos Firewalls.

    When i have time this weekend i will capture some wireshark logs with comment and try to contact cloudflare.

      Maybe you have an internal contact to cloudflare? Problem is surely to get someone in cloudflare support who understands the problem.

Reply
  • 0 in reply to Michael Dunn

    Well i had the same experience and i have seen also nothing in the Logs of different Sophos Firewalls.

    When i have time this weekend i will capture some wireshark logs with comment and try to contact cloudflare.

      Maybe you have an internal contact to cloudflare? Problem is surely to get someone in cloudflare support who understands the problem.

Children
Unfiltered HTML