Thread Info
  • State Suggested Answer
  • Locked Locked
  • Replies 10 replies
  • Answers 3 answers
  • Subscribers 5 subscribers
  • Views 5998 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

HTTPs Scanning UTM 9

Vladimir Kavaravanin

Hi everyone,

 

I am writing you, because I cannot setup properly Https scanning (Decrypt and Scan in Filter transparent mode) with this option Sophos decrypt and scan all HTTPS traffic, I want to make a list of exception when traffic will go without decrypt and scan. First of all I configured and turn on  Decrypt and Scan in Filter transparent mode on and made changes in settings Filter Option --> Misc --> Nets or Skip Transparent Mode Destination Hosts and added DNS host example *.bloomberg.com and common bloomberg.com, but it did not help me the sophos continue to scan https traffic. Could you tell me what I am doing wrong?

 

Thank you in advance.



This thread was automatically locked due to age.
Parents
  • 0

    Sveiki Vladimir and welcome to the UTM Community!

    Please show a line from the Web Filtering log where the Proxy was not skipped.  Also pictures of the Edits of the configuration you hoped would cause the traffic to skip the Proxy.

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • 0 in reply to BAlfson

    Error Web Filtering Log: Sophos Machine httpproxy[5522]: id="0003" severity="info" sys="SecureWeb" sub="http" request="(nil)" function="read_request_headers" file="request.c" line="1621" message="Read error on the http handler 104 (Input/output error)"

     

    At the beginning I did the following: I turned on Decrypt and scan Transparent mode and added website Skip Transparent Mode Destination Hosts, unfortunately it did not help. So, I decided to add websites to exception list Filter Options-->exceptions and exclude ssl scanning. Now everything works fine.Trusted websites is not scanned by Sophos

    But there is additional issue, where can I get worldwide trusted websites (Banks,Government websites and added it to list), because it will take a lot of time to add 100 websites in list. 

  • 0 in reply to Vladimir Kavaravanin

    Have you read my post "Troubleshooting Web Filtering"?

    You did not distribute the UTM CA certificate.

Reply Children
  • 0 in reply to DouglasFoster

    Ofcouse, I red troubleshoot Web Filtering twice. Even more, the root of the problem is not in the CA UTM certificate, because my idea is in bypass ssl scanning for particular websites such as banks and government. In other words when you goes to website https://bloomberg.com the original certificate should not be changed to UTM CA certificate and bypass ssl scanning. This was the main problem. I can easily implement certificate to Trusted Root Certification Authorities, but I do not want to make Man in the middle  attack  for websites in my list. 

    From my point of view there is only one way add websites to Filter Options --> Exceptions --> Https scanning in this case you will avoid ssl scanning from the website  list, but there is one thing how to upload 100 trusted worldwide websites and do not input it manually. 

     

    Thanks everyone for support. I will implement CA UTM certificate later via GPO. 

Unfiltered HTML