
Access Microsoft CRLs through Webfilter

Hello to all,

I just changed our proxy from TMG to UTM (Standard Mode with AD SSO).
Everything is working fine for authenticated users.

But I can see a lot of blocked connections from computer accounts which want to contact http://crl.microsoft.com/pki/crl.....

Via TMG there was a rule which allowed unauthenticated traffic.
How can I do this with the UTM Webfilter?

An exception with "skipping authentication" does not work.

Any ideas?

Thanks in advance

best regards
Stephan


  • Hi Stefan,
    You are on the right track - an exception is the way to go. Can you post a screenshot of the exception and a log line that shows the block? That will help us to help you :-).

    Regards
    Manfred
  • This should help, Web Proxy Exception, skipping:

    Authentication / Antivirus / Extension blocking / URL Filter / Certificate Trust Check / Certificate Date Check

    and Matching these URLs:

    ^https?://([A-Za-z0-9.-]*\.)?microsoft\.com/pki
    ^https?://([A-Za-z0-9.-]*\.)?ocsp\.entrust\.net
    ^https?://([A-Za-z0-9.-]*\.)?crl\.entrust\.net
    ^https?://([A-Za-z0-9.-]*\.)?ocsp\.usertrust\.com
    ^https?://([A-Za-z0-9.-]*\.)?crl\.usertrust\.com
    ^https?://([A-Za-z0-9.-]*\.)?crl\.microsoft\.com
    ^https?://([A-Za-z0-9.-]*\.)?ocsp\.comodoca\.com
    ^https?://([A-Za-z0-9.-]*\.)?crl\.comodoca\.com
    ^https?://([A-Za-z0-9.-]*\.)?ctldl\.windowsupdate\.com
    ^https?://([A-Za-z0-9.-]*\.)?crl\.verisign\.com

    Administrating:

    • 2x UTM Software HA-Clusters (Active-Passive), Enthusiast Home Lab
    • 1x UTM525 HA-Cluster (Active-Passive), Full Guard, 6x AP15, 2x AP30, 40x RED10, 1x RED50
    • 1x SG230, Full Guard, 6x AP10, 1x AP15
    • 1x UTM220, Full Guard, 16x AP10
    • 1x UTM220, Full Guard
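
An added check, not part of the original thread: because this exception skips authentication and antivirus, it is worth testing which URLs the posted patterns really match. Nine of the ten end at the top-level domain with nothing after it, so a longer hostname that merely begins with an exempted name also matches. The sketch assumes Python's `re` behaves like the UTM's matcher for these simple patterns; the `harden` helper and all sample URLs are constructed for illustration.

```python
import re

# Patterns copied from the exception posted above.
POSTED = [
    r"^https?://([A-Za-z0-9.-]*\.)?microsoft\.com/pki",
    r"^https?://([A-Za-z0-9.-]*\.)?ocsp\.entrust\.net",
    r"^https?://([A-Za-z0-9.-]*\.)?crl\.entrust\.net",
    r"^https?://([A-Za-z0-9.-]*\.)?ocsp\.usertrust\.com",
    r"^https?://([A-Za-z0-9.-]*\.)?crl\.usertrust\.com",
    r"^https?://([A-Za-z0-9.-]*\.)?crl\.microsoft\.com",
    r"^https?://([A-Za-z0-9.-]*\.)?ocsp\.comodoca\.com",
    r"^https?://([A-Za-z0-9.-]*\.)?crl\.comodoca\.com",
    r"^https?://([A-Za-z0-9.-]*\.)?ctldl\.windowsupdate\.com",
    r"^https?://([A-Za-z0-9.-]*\.)?crl\.verisign\.com",
]
SCHEME = r"^https?://"

def harden(pattern):
    """Hypothetical helper: end the host at an optional port, then '/' or end of URL."""
    if "/" in pattern[len(SCHEME):]:
        return pattern  # host is already closed by a path, e.g. ...microsoft\.com/pki
    return pattern + r"(:[0-9]+)?(/|$)"

HARDENED = [harden(p) for p in POSTED]

def matches(patterns, url):
    return any(re.search(p, url) for p in patterns)

def unexpected_matches(patterns, urls):
    return [u for u in urls if matches(patterns, u)]

# Constructed sample URLs: revocation endpoints the exception is meant to cover ...
WANTED = [
    "http://crl.microsoft.com/pki/crl/constructed.crl",
    "http://www.microsoft.com/pki/constructed.crl",
    "http://ocsp.usertrust.com/",
    "http://crl.entrust.net",
    "http://ctldl.windowsupdate.com/constructed/path.cab",
]
# ... and hosts that only start with an exempted name.
LOOKALIKES = [
    "http://crl.microsoft.com.lookalike.example/x",
    "http://ocsp.comodoca.com.lookalike.example/x",
    "http://crl.verisign.community.example/x",
]

if __name__ == "__main__":
    for name, pats in (("posted", POSTED), ("hardened", HARDENED)):
        missed = [u for u in WANTED if not matches(pats, u)]
        print(name, "missed:", missed, "over-matched:", unexpected_matches(pats, LOOKALIKES))
```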