Cloudflare protected Websites disconnects when Sophos Firewall TLS Decryption is enabled

Question

Hello together, 
 i have the issue that some Websites like https://www.mediamarkt.de , https://www.poco.de , https://moemax.de 
 are disconnecting the TCP Stream when our Sophos Firewall is running TLS Decryption against them. 
 Once the TLS Decryption is turned off Websites works fine. 
 Since the interruption comes from Cloudflare Server theres is no Errors in TLS Log of Sophos Firewall. 
 So it is not possible to fix the errors about the TLS Error Overview. 
 For my understanding the only way to get things work is to excluce the affected FQDNs from Decryption. 
 But which sites must be tested manually 
 Does anyone know an more secure Soluton or at least the parameters for creating an custom application category for all Sites protected by cloudflare?

Michael Dunn · Answer

I do not know the cause. With additional logging on I cannot see anything produced by the XG that would cause this.

I think it is related to the requests to /api/graphql
In Chrome with HTTPS not decrypted = return code 200/304
In Firefox with HTTPS decrypted = return code 200/304
In Chrome with HTTPS decrypted = return code 403

The 403 is being returned by the webserver, it is not something from the XG. I have confirmed we are not modifying the headers.

Cloudflare protected Websites disconnects when Sophos Firewall TLS Decryption is enabled

Top Replies