
SSL Scanning Exception

I'm having issues with SSL Scan and Decrypt. I would like to create an SSL Scanning exception for a number of sites, but I can't seem to get it working correctly.

I have created, for example purposes, the following exception for www.google.de


However, when I activate it, I receive a Content Blocked message from my UTM. When I deactivate the exception rule I can access www.google.de without any problems.


Exception Activated

2017:05:24-17:48:16 astaro-1 httpproxy[6953]: id="0002" severity="info" sys="SecureWeb" sub="http" name="web request blocked" action="block" method="CONNECT" srcip="10.0.140.165" dstip="" user="kcronin" group="ITB_Internet" ad_domain="" statuscode="403" cached="0" profile="REF_DefaultHTTPProfile (Default Web Filter Profile)" filteraction="REF_HttCffPvsEdv (ITB Internet)" size="3202" request="0xb4485e00" url="https://www.google.de/" referer="" error="" authtime="4" dnstime="0" cattime="92" avscantime="0" fullreqtime="205530" device="0" auth="3" ua="Mozilla/5.0 (Windows NT 6.1; WOW64; rv:52.0) Gecko/20100101 Firefox/52.0" exceptions="ssl,certcheck,certdate,cache"


Exception Deactivated

2017:05:24-17:49:41 astaro-1 httpproxy[6953]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="GET" srcip="10.0.140.165" dstip="172.217.22.35" user="kcronin" group="ITB_Internet" ad_domain="" statuscode="200" cached="0" profile="REF_DefaultHTTPProfile (Default Web Filter Profile)" filteraction="REF_HttCffPvsEdv (ITB Internet)" size="61917" request="0xb4866400" url="www.google.de/ referer="" error="" authtime="8" dnstime="5" cattime="218" avscantime="42696" fullreqtime="214161" device="0" auth="3" ua="Mozilla/5.0 (Windows NT 6.1; WOW64; rv:52.0) Gecko/20100101 Firefox/52.0" exceptions="" category="145" reputation="neutral" categoryname="Search Engines" content-type="text/html" application="google" app-id="182" sandbox="-"


Any ideas what I'm missing here?
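One way to put the two log lines above side by side, as an added example that is not part of the original post and not Sophos' own tooling: a small parser for the key="value" layout of the UTM httpproxy log, plus a check for the exact pattern seen here (a CONNECT blocked with 403 while an ssl exception matched) and a diff of the fields that changed between the two requests. The regex, the choice of fields for the diff, and the closing quote restored after the url value of the second line (it is missing in the post, most likely lost when pasting) are assumptions of the example.

```python
"""Parse Sophos UTM httpproxy log lines (key="value" pairs) and compare the
blocked and the allowed request quoted in the post. Example code, not Sophos'."""
import re
from typing import Dict, List, Tuple

# One key="value" pair. Keys may contain '-' or '_' (content-type, app-id,
# ad_domain); values may be empty or contain spaces (profile=, ua=), but never
# a double quote, so findall() walks the line pair by pair.
_KV = re.compile(r'([A-Za-z_][\w-]*)="([^"]*)"')

# The two lines from the post: exception activated, then deactivated.
BLOCKED_LINE = (
    '2017:05:24-17:48:16 astaro-1 httpproxy[6953]: id="0002" severity="info" '
    'sys="SecureWeb" sub="http" name="web request blocked" action="block" '
    'method="CONNECT" srcip="10.0.140.165" dstip="" user="kcronin" '
    'group="ITB_Internet" ad_domain="" statuscode="403" cached="0" '
    'profile="REF_DefaultHTTPProfile (Default Web Filter Profile)" '
    'filteraction="REF_HttCffPvsEdv (ITB Internet)" size="3202" '
    'request="0xb4485e00" url="https://www.google.de/" referer="" error="" '
    'authtime="4" dnstime="0" cattime="92" avscantime="0" fullreqtime="205530" '
    'device="0" auth="3" ua="Mozilla/5.0 (Windows NT 6.1; WOW64; rv:52.0) '
    'Gecko/20100101 Firefox/52.0" exceptions="ssl,certcheck,certdate,cache"'
)
# Assumption: the closing quote after url="www.google.de/" is restored here;
# the post has it missing.
ALLOWED_LINE = (
    '2017:05:24-17:49:41 astaro-1 httpproxy[6953]: id="0001" severity="info" '
    'sys="SecureWeb" sub="http" name="http access" action="pass" method="GET" '
    'srcip="10.0.140.165" dstip="172.217.22.35" user="kcronin" '
    'group="ITB_Internet" ad_domain="" statuscode="200" cached="0" '
    'profile="REF_DefaultHTTPProfile (Default Web Filter Profile)" '
    'filteraction="REF_HttCffPvsEdv (ITB Internet)" size="61917" '
    'request="0xb4866400" url="www.google.de/" referer="" error="" '
    'authtime="8" dnstime="5" cattime="218" avscantime="42696" '
    'fullreqtime="214161" device="0" auth="3" ua="Mozilla/5.0 (Windows NT 6.1; '
    'WOW64; rv:52.0) Gecko/20100101 Firefox/52.0" exceptions="" category="145" '
    'reputation="neutral" categoryname="Search Engines" content-type="text/html" '
    'application="google" app-id="182" sandbox="-"'
)

# Fields worth comparing when an exception changes how a request is handled.
DIAG_KEYS = ("id", "name", "action", "method", "dstip", "statuscode", "url",
             "dnstime", "avscantime", "exceptions", "category", "categoryname")


def parse_httpproxy_line(line: str) -> Dict[str, str]:
    """Return all key="value" fields of one line as a dict. The syslog prefix
    (timestamp, host, process[pid]:) is kept under the '_prefix' key."""
    fields = dict(_KV.findall(line))
    first = _KV.search(line)
    fields["_prefix"] = line[: first.start()].strip() if first else line.strip()
    return fields


def exceptions_applied(fields: Dict[str, str]) -> List[str]:
    """The comma-separated exceptions= field as a list; [] when none matched."""
    return [e for e in fields.get("exceptions", "").split(",") if e]


def is_blocked_tunnel_with_ssl_exception(fields: Dict[str, str]) -> bool:
    """The pattern in the post: the CONNECT request itself is blocked while an
    'ssl' exception matched, i.e. the decision was taken on the tunnel request,
    before any decrypted content could be categorised or scanned."""
    return (fields.get("action") == "block"
            and fields.get("method") == "CONNECT"
            and "ssl" in exceptions_applied(fields))


def diff_fields(a: Dict[str, str], b: Dict[str, str],
                keys: Tuple[str, ...] = DIAG_KEYS) -> Dict[str, Tuple[str, str]]:
    """Fields from `keys` whose values differ between two parsed lines.
    A field absent from one line is treated as empty."""
    return {k: (a.get(k, ""), b.get(k, ""))
            for k in keys if a.get(k, "") != b.get(k, "")}


if __name__ == "__main__":
    blocked = parse_httpproxy_line(BLOCKED_LINE)
    allowed = parse_httpproxy_line(ALLOWED_LINE)
    print("blocked CONNECT with ssl exception:",
          is_blocked_tunnel_with_ssl_exception(blocked))
    for key, (on, off) in diff_fields(blocked, allowed).items():
        print(f"{key:13} exception on: {on!r:28} exception off: {off!r}")
```

The diff shows what the post describes: with the exception on, the proxy logs a blocked CONNECT with an empty dstip and no category, whereas with it off the same site is logged as a decrypted GET with a resolved dstip, a category and a non-zero avscantime.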



This thread was automatically locked due to age.
  • We are running 2 SG450 in an Active-Passive HA with the latest firmware (9.413-4). 

    The Proxy is running in Standard Mode, eDirectory SSO and block access on authentication failure is active. We have several different Web filtering Profiles configured, each with a different filtering Action. We use eDirectory groups in order to assign our users to a particular filtering policy. We also have a Transparent Proxy active from a number of defined systems.  We don't have https decrypt and scan active for the Transparent Proxy and my test system is not in the Transparent Proxy group.

    Our end users have no direct connection to the Internet; they can only access it through the UTM Web Filter. Proxy settings are obtained through a proxy PAC file from the UTM.

    Pharming Protection is active

    Advanced Threat Protection is active

    Application Control is active

    I'm not too sure what other information may be useful.

  • Your comment about internal PCs being isolated from the Internet seems like the critical issue.

    With scanning off, I think some portion of the exchange is being offloaded to the PC, which either cannot resolve DNS names or cannot connect to the target.

    Somebody who understands the inner workings of proxy logic will need to weigh in, but you should ensure that support understands how you restrict Internet access.