Important note about SSL VPN compatibility for 20.0 MR1 with EoL SFOS versions and UTM9 OS. Learn more in the release notes.

Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 28 replies
  • Subscribers 38 subscribers
  • Views 6824 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

HTTPS-Problem

Nuradon
Hallo,

Ich habe ein kleines Problem und weiß nicht recht weiter ...

Ich habe bei mir den HTTP/S-Proxy im Transparent-Mode laufen.

Bei manchen HTTPS-Seiten (Amazon, etc.) wird die Seite einfach nicht aufgebaut, andere funktionieren aber tadellos.

Bisher habe ich folgendes kontrolliert:

  • Web Security -> HTTP/S -> Advanced -> Allowed target services: HTTPS ist dort eingetragen.
  • Network Security -> Packet Filter: Eine Regel die mir von Intern erlaubt Web Surfing zu betreiben. Die Regel ist aktiv und HTTPS drinnen.


Ich habe dann versucht im HTTP/S-Proxy die Funktion Scan HTTPS (SSL) Traffic zu aktivieren und die Seiten wurden aufgebaut ... leider funktionieren dann manch andere Programme nicht.

Hat jemand eine Idee, wie ich das wieder so hinbekomme, dass er mir die Seiten aufbaut ohne das ich den SSL-Traffic scannen lasse?

Ich weiß das es vor dem heutigen Update auf Version 8.002 noch funktioniert hat.

Wäre für jede Hilfe dankbar!


This thread was automatically locked due to age.
Parents
  • 0
    Nuradon, das ist das http.log, wie du siehst werden da keine https anfragen geloggt. Interesant ist das packet filter log, findest du unter anderem unter Logging->View Log Files.
    Falls du davon eintraege postest, dann bitte nicht vom livelog, sondern direkt vom logfile, da stehen mehr infos drin.
  • 0 in reply to ulmi
    Sorry,

    Jetzt aber:

    2010:10:01-17:47:11 astaro ulogd[4021]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60001" initf="eth0" srcmac="6c:f0:49:5:17:4e" dstmac="40:61:86:1:ff:21" srcip="192.168.39.2" dstip="192.168.39.1" proto="17" length="44" tos="0x00" prec="0x00" ttl="128" srcport="52070" dstport="8612"

    2010:10:01-17:47:43 astaro ulogd[4021]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60001" initf="eth0" srcmac="6c:f0:49:5:17:4e" dstmac="40:61:86:1:ff:21" srcip="192.168.39.2" dstip="192.168.39.1" proto="17" length="44" tos="0x00" prec="0x00" ttl="128" srcport="52073" dstport="8612"

    2010:10:01-17:48:16 astaro ulogd[4021]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60001" initf="eth0" srcmac="6c:f0:49:5:17:4e" dstmac="40:61:86:1:ff:21" srcip="192.168.39.2" dstip="192.168.39.1" proto="17" length="44" tos="0x00" prec="0x00" ttl="128" srcport="52076" dstport="8612"

    2010:10:01-17:48:21 astaro ulogd[4021]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60001" initf="ppp0" srcip="115.186.33.12" dstip="91.115.170.90" proto="6" length="48" tos="0x00" prec="0x00" ttl="111" srcport="4612" dstport="445" tcpflags="SYN"

    2010:10:01-17:48:23 astaro ulogd[4021]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60001" initf="ppp0" srcip="190.43.32.23" dstip="91.115.170.90" proto="6" length="60" tos="0x00" prec="0x00" ttl="48" srcport="2090" dstport="23" tcpflags="SYN"

    2010:10:01-17:48:24 astaro ulogd[4021]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60001" initf="ppp0" srcip="115.186.33.12" dstip="91.115.170.90" proto="6" length="48" tos="0x00" prec="0x00" ttl="111" srcport="4612" dstport="445" tcpflags="SYN"

    2010:10:01-17:48:48 astaro ulogd[4021]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60001" initf="eth0" srcmac="6c:f0:49:5:17:4e" dstmac="40:61:86:1:ff:21" srcip="192.168.39.2" dstip="192.168.39.1" proto="17" length="44" tos="0x00" prec="0x00" ttl="128" srcport="52079" dstport="8612"

    2010:10:01-17:49:21 astaro ulogd[4021]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60001" initf="eth0" srcmac="6c:f0:49:5:17:4e" dstmac="40:61:86:1:ff:21" srcip="192.168.39.2" dstip="192.168.39.1" proto="17" length="44" tos="0x00" prec="0x00" ttl="128" srcport="52082" dstport="8612"


    Dort sehe ich, dass es gedropped wird ... aber wie behebe ich nun das Problem? [:(]
Reply
  • 0 in reply to ulmi
    Sorry,

    Jetzt aber:

    2010:10:01-17:47:11 astaro ulogd[4021]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60001" initf="eth0" srcmac="6c:f0:49:5:17:4e" dstmac="40:61:86:1:ff:21" srcip="192.168.39.2" dstip="192.168.39.1" proto="17" length="44" tos="0x00" prec="0x00" ttl="128" srcport="52070" dstport="8612"

    2010:10:01-17:47:43 astaro ulogd[4021]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60001" initf="eth0" srcmac="6c:f0:49:5:17:4e" dstmac="40:61:86:1:ff:21" srcip="192.168.39.2" dstip="192.168.39.1" proto="17" length="44" tos="0x00" prec="0x00" ttl="128" srcport="52073" dstport="8612"

    2010:10:01-17:48:16 astaro ulogd[4021]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60001" initf="eth0" srcmac="6c:f0:49:5:17:4e" dstmac="40:61:86:1:ff:21" srcip="192.168.39.2" dstip="192.168.39.1" proto="17" length="44" tos="0x00" prec="0x00" ttl="128" srcport="52076" dstport="8612"

    2010:10:01-17:48:21 astaro ulogd[4021]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60001" initf="ppp0" srcip="115.186.33.12" dstip="91.115.170.90" proto="6" length="48" tos="0x00" prec="0x00" ttl="111" srcport="4612" dstport="445" tcpflags="SYN"

    2010:10:01-17:48:23 astaro ulogd[4021]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60001" initf="ppp0" srcip="190.43.32.23" dstip="91.115.170.90" proto="6" length="60" tos="0x00" prec="0x00" ttl="48" srcport="2090" dstport="23" tcpflags="SYN"

    2010:10:01-17:48:24 astaro ulogd[4021]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60001" initf="ppp0" srcip="115.186.33.12" dstip="91.115.170.90" proto="6" length="48" tos="0x00" prec="0x00" ttl="111" srcport="4612" dstport="445" tcpflags="SYN"

    2010:10:01-17:48:48 astaro ulogd[4021]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60001" initf="eth0" srcmac="6c:f0:49:5:17:4e" dstmac="40:61:86:1:ff:21" srcip="192.168.39.2" dstip="192.168.39.1" proto="17" length="44" tos="0x00" prec="0x00" ttl="128" srcport="52079" dstport="8612"

    2010:10:01-17:49:21 astaro ulogd[4021]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60001" initf="eth0" srcmac="6c:f0:49:5:17:4e" dstmac="40:61:86:1:ff:21" srcip="192.168.39.2" dstip="192.168.39.1" proto="17" length="44" tos="0x00" prec="0x00" ttl="128" srcport="52082" dstport="8612"


    Dort sehe ich, dass es gedropped wird ... aber wie behebe ich nun das Problem? [:(]
Children
No Data
Unfiltered HTML