
Certificate Warning with https set to "URL filtering only"

Hi guys,

we installed a new system in a VM at a customer.

Enabled Webfilter set to transparent mode and set HTTPS scan settings to "URL filtering only". This should normally not produce any certificate warnings... but IT DOES.
Any client who accesses a secure site gets a warning shot in the browser.
I disabled, enabled webfilter, restarted the GW.. always same strange behaviour...

The only way at the moment is to enable "Do not proxy HTTPS traffic in transparent mode" but that's not what we want... 

...any ideas??

Cheers, kdessis


  • I have a cert for *.mydomain.org.uk so I can use it for this purpose.  So I set my dns up for passthrough.mydomain.org.uk to point to the UTM.  

    However, this seems to break browsing when authenticating via the browser.  On my Macs I then cannot get anywhere at all.  I don't even get to the UTM browser login page.

    Have I missed a trick here - this is very annoying!



    Hi AlleynsITSupport,

    Did you put the DNS entry as the IP of the UTM or the IP as: 213.144.15.19?

    The reason for this is that Astaro/Sophos actually own this IP so they can use it in their UTM, so when a packet is destined for that external IP the UTM actually goes "ooh, that's for me" and intercepts it.

    To double check, if you go to Definitions & Users > Network Definitions then search for "passthrough" (w/out quotes) it will show two entries, the IPV4 definition which should be the IP shown above and an IPV6 address. Make sure the DNS entry matches up to what this definition says in your DNS and that should help. Another thing to make sure is that on the devices you install the Proxy CA Cert which can be found in Web Protection > Filtering Options > HTTPS CAs. This will help prevent trust issues.

    But if you're in a BYOD environment, this gets a tad difficult :/

    Hope this helps,
    Emile
  • Ah!

    I put the DNS entry for passthrough.mydomain.org.uk as the UTM's IP but under Definitions & Users > Network Definitions it is 213.144.15.19.

    I'll change it later today and see if it helps.  Thanks for the tip!

    We will be doing BYOD at some point but at least we have some time to figure that one out...
  • I was having the exact same problem outlined by Kdessis and found that my UTM wasn't resolving any external addresses. I have my interfaces configured in bridge mode and had the IPV4 default gateway address set incorrectly. After changing this I was no longer having these issues as the URLs were able to resolve correctly.

    As outlined by others below the certificate error was showing up as the UTM network unreachable page was being displayed with SSL.

    Just thought I would add in case anyone in the future comes across the same issue as KDessis as I did.
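The two checks the thread converges on (Emile's point that the passthrough hostname must resolve to the IP in the UTM's network definition, and the last post's point that the "certificate warning" was really the UTM's own error page served over SSL because the UTM could not resolve or reach the origin) can be turned into a small client-side diagnostic. The script below is an added example, not code from the thread or from Sophos. It uses only the Python standard library; the definition IP is the one quoted above, while the Proxy CA common name, the sample certificate dicts and the advice strings are constructed for illustration and should be replaced with the values from your own UTM (Web Protection > Filtering Options > HTTPS CAs).

```python
"""Diagnose a certificate warning seen behind a transparent HTTPS proxy.
Added example (not from the thread or from Sophos). Idea: if the cert the
client receives is issued by the UTM's Proxy CA, the page was generated by
the UTM (its error page, for instance), so the fix is on the UTM's upstream
DNS / default gateway side, not on the website."""
import socket
import ssl
import sys

PASSTHROUGH_DEFINITION_IP = "213.144.15.19"   # the definition IP quoted in the thread
PROXY_CA_COMMON_NAME = "Proxy CA"             # hypothetical; copy yours from the HTTPS CAs page


def rdn_value(name, attr):
    """First value of `attr` (e.g. 'commonName') in a getpeercert()-style name,
    which is a tuple of RDNs, each RDN a tuple of (type, value) pairs."""
    for rdn in name:
        for key, value in rdn:
            if key == attr:
                return value
    return None


def check_passthrough_dns(resolved_ips, definition_ip=PASSTHROUGH_DEFINITION_IP):
    """True when the passthrough hostname resolves to the address the UTM
    intercepts (its network definition), rather than e.g. the UTM's own IP."""
    return definition_ip in set(resolved_ips)


def classify_peer_cert(peercert, proxy_ca_cn=PROXY_CA_COMMON_NAME):
    """'utm-generated' if the issuer CN is the UTM's Proxy CA (the UTM built
    the page: full scan mode or its own error page), else 'origin'."""
    issuer_cn = rdn_value(peercert.get("issuer", ()), "commonName")
    return "utm-generated" if issuer_cn == proxy_ca_cn else "origin"


def advice(dns_ok, cert_class):
    """Map the two findings to the remedies named in the thread (constructed text)."""
    if not dns_ok:
        return "DNS: point the passthrough hostname at the IP in the UTM's network definition."
    if cert_class == "utm-generated":
        return ("Page came from the UTM itself: check its default gateway and upstream DNS, "
                "and install the Proxy CA on clients if scanning is intended.")
    return "Origin certificate reached the client; the warning is not caused by the UTM."


def resolve_host(hostname):
    """Live helper: every address the local resolver returns for the host."""
    return sorted({info[4][0] for info in socket.getaddrinfo(hostname, 443)})


def fetch_peer_cert(hostname, proxy_ca_pem=None, port=443):
    """Live helper. getpeercert() is only populated when the chain verified,
    so the UTM's exported Proxy CA (PEM) is added to the trust store; hostname
    matching is off because the UTM's error page may not carry the requested name."""
    ctx = ssl.create_default_context()
    ctx.check_hostname = False          # verify_mode stays CERT_REQUIRED
    if proxy_ca_pem:
        ctx.load_verify_locations(proxy_ca_pem)
    with socket.create_connection((hostname, port), timeout=10) as sock:
        with ctx.wrap_socket(sock, server_hostname=hostname) as tls:
            return tls.getpeercert()


def diagnose(passthrough_host, site_host, proxy_ca_pem=None):
    """Live end-to-end run; returns a report dict for the two checks above."""
    dns_ok = check_passthrough_dns(resolve_host(passthrough_host))
    try:
        cert_class = classify_peer_cert(fetch_peer_cert(site_host, proxy_ca_pem))
    except ssl.SSLError:
        cert_class = "unverifiable"     # chains to neither system CAs nor the Proxy CA
    return {"dns_ok": dns_ok, "cert": cert_class, "advice": advice(dns_ok, cert_class)}


if __name__ == "__main__":
    # usage: python diag.py passthrough.mydomain.org.uk www.example.com [proxy_ca.pem]
    if len(sys.argv) < 3:
        sys.exit("usage: diag.py <passthrough-host> <https-site> [proxy-ca.pem]")
    print(diagnose(sys.argv[1], sys.argv[2], sys.argv[3] if len(sys.argv) > 3 else None))
```

The classification deliberately treats "issued by the Proxy CA" as "the UTM produced this response": in "URL filtering only" mode a healthy UTM should never issue a certificate, so seeing one while the browser warns is exactly the symptom the last post traced to the UTM's unreachable-network page.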