This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Deactivate proxy block page

We have the situation:

transparent proxy active
proxy CA not rolled out to clients
several applications blocked (i.e., unsanctioned cloud services)

Now, whenever a user attempts a connection to a blocked https site, the UTM acts as a MITM and generates an ad-hoc certificate for the blocked https site to display its warning message. Since we have not rolled out the proxy CA, this ad-hoc certificate is not trusted by our clients which then leads to certificate warnings.

Rolling out the proxy CA to our clients is not an option (in the near term), due to user privacy concerns, works council involvement, German labor laws, ...

Is there any way to configure the UTM to stop acting as MITM and to simply interrupt the https connection (FIN/RST?) instead?

This thread was automatically locked due to age.

Top Replies

emmosophos over 3 years ago in reply to terrzfor +1 verified

Hello terrzfor, I see, no unfortunately this is not possible in the UTM at the moment. The XG has this option to Drop connections without user notification. Regards,

Parents

0 emmosophos over 3 years ago

Hello terrzfor,

Thank you for contacting the Sophos Community!

You can configure the UTM not to do Decrypt & Scan for specific networks and only do URL Filtering.

Or bypass specific networks from the Web Filter for Transparent mode. Under the Web Protection >> Filtering Options >> Misc >> Skip transparent mode Source.

Or you are looking for a way to avoid users without the certificate to be able to navigate any HTTPS web site?

Regards,

Emmanuel (EmmoSophos)

Technical Team Lead, Global Community Support
Sophos Support Videos | Product Documentation | @SophosSupport | Sign up for SMS Alerts
If a post solves your question use the 'Verify Answer' link.
Cancel
Vote Up 0 Vote Down

Cancel
0 terrzfor over 3 years ago in reply to emmosophos

We do not use decrypt and scan, we only use URL filtering. But whenever an URL is blocked, the UTM tries to inform the user via a notification web site. The problem with that notification web site is that it needs to impersonate the client's desired destination, thus acting as a man-in-the-middle "attacker".

I'd like to replace the "display proxy block notification web site" with "RST client's tcp connection" (or something similar).

If our users cannot navigate to legitimate sites (required for their job functions), they'll let us know anyways (regardless of whether or not they saw the proxy notification web site).
Cancel
Vote Up 0 Vote Down

Cancel
+1 emmosophos over 3 years ago in reply to terrzfor

Hello terrzfor,

I see, no unfortunately this is not possible in the UTM at the moment. The XG has this option to Drop connections without user notification.

Regards,

Emmanuel (EmmoSophos)

Technical Team Lead, Global Community Support
Sophos Support Videos | Product Documentation | @SophosSupport | Sign up for SMS Alerts
If a post solves your question use the 'Verify Answer' link.
Cancel
Vote Up +1 Vote Down

Cancel

Reply

+1 emmosophos over 3 years ago in reply to terrzfor

Hello terrzfor,

I see, no unfortunately this is not possible in the UTM at the moment. The XG has this option to Drop connections without user notification.

Regards,

Emmanuel (EmmoSophos)

Technical Team Lead, Global Community Support
Sophos Support Videos | Product Documentation | @SophosSupport | Sign up for SMS Alerts
If a post solves your question use the 'Verify Answer' link.
Cancel
Vote Up +1 Vote Down

Cancel

Children

No Data