I have a case open with Sophos, but thought I'd have a running thread about this as well in case anyone would like to share their experience or knowledge to help resolve it.
I have an SG105 and recently installed UTM 9.350-12 in transparent mode.
I have been unable to get HTTPS scanning to fully work across all the platforms and devices on my network, which consist of Android, iOS, OS X and Windows.
The closest I've come to obtaining what I want is getting Android, OS X and Windows devices to be able to decrypt google.com and yahoo.com and to enforce safe search. This is pretty close to what I wanted.
On iOS devices, I was also able to get Safari to successfully decrypt google.com and yahoo.com to enforce safe search. However, I have not been able to get the CA cert to be trusted within iOS Chrome or the Google Search app.
For iOS Chrome, the browser shows these certificate error details:
The identity of this website has not been verified.
Server's certificate is not trusted.
Your connection to Google is encrypted using an obsolete cipher suite.
The connection uses TLS 1.2
The connection is encrypted using AES_256_CBC, with HMAC-SHA1 for message authentication and RSA as the key exchange mechanism.
See the attached screenshot from an iPad of what the cert details show within iOS Chrome.
The web filtering log showed these errors, which appear to be tied to the SSL scanning for iOS devices:
2015:09:28-06:28:09 *** httpproxy[13038]: id="0003" severity="info" sys="SecureWeb" sub="http" request="0xe2b2c800" function="ssl_cert_read" file="ssl.c" line="157" message="certificate invalid, removing"
2015:09:28-06:28:09 *** httpproxy[13038]: id="0003" severity="info" sys="SecureWeb" sub="http" request="0xe2b2c800" function="ssl_certcache_lookup" file="ssl.c" line="444" message="failed to read certificate: Invalid argument"
2015:09:28-06:28:09 *** httpproxy[13038]: id="0003" severity="info" sys="SecureWeb" sub="http" request="(nil)" function="read_request_headers" file="request.c" line="1571" message="Read error on the http handler 80 (Input/output error)"
2015:09:28-06:28:09 *** httpproxy[13038]: id="0003" severity="info" sys="SecureWeb" sub="http" request="(nil)" function="read_request_headers" file="request.c" line="1571" message="Read error on the http handler 5 (Input/output error)"
2015:09:28-06:28:16 *** httpproxy[13038]: id="0003" severity="info" sys="SecureWeb" sub="http" request="(nil)" function="read_request_headers" file="request.c" line="1571" message="Read error on the http handler 87 (Input/output error)"
The Google iOS app on iOS devices fails to connect with this error:
2015:09:03-21:53:20 *** httpproxy[5663]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="GET" srcip="172.16.28.103" dstip="216.58.217.132" user="" ad_domain="" statuscode="204" cached="0" profile="REF_HttProContaInterNetwo2 (Decrypt Filter)" filteraction="REF_DefaultHTTPCFFAction (Default content filter action)" size="0" request="0xe1712800" url="www.google.com/gen_204"
Here are some steps I have completed, along with tech support's recommendations for iOS SSL scanning issues:
Downloaded the UTM CA cert from Web Protection > Filtering Options > HTTPS CAs, which is a .p12 that includes the private key. Emailed the .p12 to myself and opened it within the default iOS Mail app. This creates a profile under Settings > General in iOS. Once installed it becomes "verified" and is shown in green font.
Results: see above for the error details.
Although not directed by tech support, I found good info on the BB from posters like BAlfson stating to try downloading the cert directly from the User Portal login page while within the Safari browser.
Results: no change in the SSL decryption issues. However, more apps were at least able to function with decryption mode on in transparent mode, such as Facebook, but not the ones I needed like the Google Search app. The Google Search app just fails to connect with SSL decryption on, stating: "Unable to get results. Please check your network connection."
Skipped "certificate trust check" and "certificate date check" for iOS devices, under Web Protection > Filtering Options.
Result: no change in the issue.
Regenerated all certs and tested, with the same issues.
Reset my UTM using backup/restore and went back to the earliest backup I had, which was from before I started the firewall or web filtering. I regenerated the certs as well.
Results: same issue.
After still failing to get everything to work properly, I decided as a last-ditch effort to reset the UTM to factory default settings and only enable Web Protection with SSL scanning in transparent mode. My OS X laptop and Android devices accepted the CA cert and allowed me to successfully decrypt SSL traffic from google.com and yahoo.com.
I then tested installing the same CA cert as a "profile" on my iOS devices. The cert stated it was "verified" and trusted within the CA profile under Settings > General. I first tested the Safari browser and it successfully decrypted google.com and yahoo.com sessions. Then I tested the Chrome browser and the Google Search app.
In Chrome, it repeated the same issues as before, where it blocks the connection with no way to bypass it, such as going to Advanced and proceeding anyway. See attached for the same screenshot of the message and error details.
The web filter log showed these same errors:
2015:09:28-06:28:09 *** httpproxy[13038]: id="0003" severity="info" sys="SecureWeb" sub="http" request="0xe2b2c800" function="ssl_cert_read" file="ssl.c" line="157" message="certificate invalid, removing"
2015:09:28-06:28:09 *** httpproxy[13038]: id="0003" severity="info" sys="SecureWeb" sub="http" request="0xe2b2c800" function="ssl_certcache_lookup" file="ssl.c" line="444" message="failed to read certificate: Invalid argument"
2015:09:28-06:28:09 *** httpproxy[13038]: id="0003" severity="info" sys="SecureWeb" sub="http" request="(nil)" function="read_request_headers" file="request.c" line="1571" message="Read error on the http handler 80 (Input/output error)"
Thank You!
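Added example (not part of the original post or of Sophos UTM): a small parser for the UTM 9 httpproxy log format quoted in the thread, plus a summary routine that flags the HTTPS-scanning failure pattern the poster is seeing (ssl_cert_read "certificate invalid, removing", the certcache lookup failing on the same request id, and the following read errors on the http handler) and counts "http access" lines that went through a Decrypt profile per source IP. The sample log lines are constructed from the ones on this page; the hostname "utm" is made up (the post redacts it as ***), and the field names are taken as they appear in the quoted lines.

```python
"""Parse Sophos UTM 9 httpproxy log lines and summarize HTTPS scanning failures.

Added example for the thread above; it is not UTM code. It assumes the line layout
shown in the post: "<ts> <host> httpproxy[<pid>]: key="value" key="value" ...".
"""

import re
from collections import Counter

# Constructed sample: the thread's lines with the redacted hostname replaced by "utm".
SAMPLE_LOG = """\
2015:09:28-06:28:09 utm httpproxy[13038]: id="0003" severity="info" sys="SecureWeb" sub="http" request="0xe2b2c800" function="ssl_cert_read" file="ssl.c" line="157" message="certificate invalid, removing"
2015:09:28-06:28:09 utm httpproxy[13038]: id="0003" severity="info" sys="SecureWeb" sub="http" request="0xe2b2c800" function="ssl_certcache_lookup" file="ssl.c" line="444" message="failed to read certificate: Invalid argument"
2015:09:28-06:28:09 utm httpproxy[13038]: id="0003" severity="info" sys="SecureWeb" sub="http" request="(nil)" function="read_request_headers" file="request.c" line="1571" message="Read error on the http handler 80 (Input/output error)"
2015:09:28-06:28:16 utm httpproxy[13038]: id="0003" severity="info" sys="SecureWeb" sub="http" request="(nil)" function="read_request_headers" file="request.c" line="1571" message="Read error on the http handler 87 (Input/output error)"
2015:09:03-21:53:20 utm httpproxy[5663]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="GET" srcip="172.16.28.103" dstip="216.58.217.132" user="" ad_domain="" statuscode="204" cached="0" profile="REF_HttProContaInterNetwo2 (Decrypt Filter)" filteraction="REF_DefaultHTTPCFFAction (Default content filter action)" size="0" request="0xe1712800" url="www.google.com/gen_204"
"""

# Header: timestamp, hostname, process name with pid, then the key="value" fields.
HEADER_RE = re.compile(
    r'^(?P<ts>\d{4}:\d{2}:\d{2}-\d{2}:\d{2}:\d{2}) (?P<host>\S+) '
    r'httpproxy\[(?P<pid>\d+)\]: (?P<rest>.*)$'
)
# Values are double-quoted and may be empty (user="") or contain spaces and parentheses.
KV_RE = re.compile(r'(\w+)="([^"]*)"')


def parse_line(line):
    """Return a dict of fields for one httpproxy line, or None for any other line."""
    m = HEADER_RE.match(line)
    if not m:
        return None
    rec = {"ts": m.group("ts"), "host": m.group("host"), "pid": m.group("pid")}
    rec.update(KV_RE.findall(m.group("rest")))
    return rec


def parse_log(text):
    """Parse every recognizable line of a log excerpt."""
    return [r for r in (parse_line(ln) for ln in text.splitlines()) if r is not None]


def summarize_ssl_failures(records):
    """Count the three error kinds from the thread and the decrypted access lines per client."""
    summary = {
        "cert_invalid": 0,          # ssl_cert_read: "certificate invalid, removing"
        "cert_read_failed": 0,      # ssl_certcache_lookup: "failed to read certificate ..."
        "handler_read_errors": 0,   # read_request_headers: "Read error on the http handler N"
        "decrypted_requests": Counter(),   # srcip -> access lines under a Decrypt profile
        "requests_with_cert_failure": set(),
    }
    for r in records:
        fn = r.get("function")
        msg = r.get("message", "")
        if fn == "ssl_cert_read" and "certificate invalid" in msg:
            summary["cert_invalid"] += 1
            summary["requests_with_cert_failure"].add(r.get("request", ""))
        elif fn == "ssl_certcache_lookup" and msg.startswith("failed to read certificate"):
            summary["cert_read_failed"] += 1
            summary["requests_with_cert_failure"].add(r.get("request", ""))
        elif fn == "read_request_headers" and msg.startswith("Read error on the http handler"):
            summary["handler_read_errors"] += 1
        elif r.get("name") == "http access" and "Decrypt" in r.get("profile", ""):
            summary["decrypted_requests"][r.get("srcip", "")] += 1
    summary["requests_with_cert_failure"] = sorted(summary["requests_with_cert_failure"])
    summary["decrypted_requests"] = dict(summary["decrypted_requests"])
    return summary


def cert_failure_detected(summary):
    """True when the cert-invalid / certcache-lookup pair appears, the pattern the poster
    saw alongside iOS Chrome and the Google app refusing the proxied connection."""
    return summary["cert_invalid"] > 0 and summary["cert_read_failed"] > 0


if __name__ == "__main__":
    s = summarize_ssl_failures(parse_log(SAMPLE_LOG))
    for key, value in s.items():
        print(f"{key}: {value}")
    print("HTTPS scanning certificate failure present:", cert_failure_detected(s))
```

The request id ties the ssl_cert_read and ssl_certcache_lookup lines together, which is the only correlation key those lines carry (they have no srcip); the "http access" lines do carry srcip, so the per-client count lets you see which devices' traffic actually went through the Decrypt profile while the errors were logged.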