Hi,
Some applications on iOS devices fail to connect to their servers if decrypt HTTPS using a web proxy is enabled (obviously the Sophos XG CA is imported and enabled). I suspect they may have implemented certificate pinning or another control which prevents the Sophos XG CA certificate from being accepted by the app.
Is there a way to detect in the XG logs that either the TLS handshake between app/client and XG/server or XG/client and originating web server has failed? This would help in identifying which domain the app wants to connect to, since it is not always easy to identify this in the web filter logs.
Note: the solution to this is to add the domain of the originating web server the app wants to connect to to the web exception list and skip the HTTPS decryption there.
Br,
Jan