This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Android Web Transparent HTTPS Filtering

Hi,

 

I am trying to get Web filtering in Transparent mode with HTTPS Decrypt and Scan to work across varioud platforms. This works fine for PCs. I haven't tackled IOS devices yet.

 

For Android, I am having trouble loading the pem/cer/crt file. It gets rejected with "No certificate found". I have downloaded the Proxy Cert as a P12 file. I am able to load this into a Samsung Tab running 6.x and an Nexus running 7.x release under Settings->Security->Install from Storage.

 

However they are loaded as user certs and  not as trusted certs. The Samsung loads into under 'Trusted credentials' as a user Cert. Nexus loads it in a seperate category 'User Credentials" The Samsung device behaves better where I can access HTTPS sites including facebook in Chrome, but standalone apps like facebook,etc are broken.

Nexus is worse where nothing related to HTTPS works in apps or Chrome.

Reading around it seems it isn't possible to install the cert as a trusted root cert. This is possible most likely on a rooted device.

I have been able to get around this under by putting my devices under Skip Transparent Mode Source Hosts/Nets.

 

However, this is not viable since PCs and mobile devices share the same VLAN/WIFI and I cannot fix the IPs of all mobile devices in the company.

Is there a way for the UTM to match that this is an Android or IOS device and skip the checking. I know there are some smarts around authentication but we are not using authentication in our network.

 

Running version 9.411-3

thanks



This thread was automatically locked due to age.
  • Hi Shihab Azimullah

     

    Just wondering if you ever found a resolution to this. We are using XG firewall and would like to know your resolution if you found one.

     

    We are thinking on setting up authentication but aren't aware of the smart work arounds to which you refer?

     

    We are also wondering if there is a way to exclude https scanning of android and ios traffic.

     

    Thanks

    Gerry

  • Hi Gerry,

     

    It wasn't possible. I ended up getting a Sophos AP upon recommendation from my Firewall vendor. This allowed me to segregate devices which don't need to access internal network IOS and Android devices now can only access the internet allowing me to disable https scanning for them.

     

    This works for us. However if you need this devices to access internal network as well, then this solution won't work for you.

     

    Regards,

    Shihab