Next EAP release date?

Any word on when a EAP 2 refresh 1 or EAP 3 will be out?

This random reboot and loss of connection is killing me .

Parents Reply
  • Hi ,

    Could you give some more specific detail on what you are seeing with Firefox with DPI enabled?

    - Are the problems visible when browsing, or are you just seeing errors being logged?

    - If the problems are visible when browsing, do you see errors being logged in the SSL/TLS log in log viewer? If so, could you send (in direct message) example log lines - the detail from the detailed log view would be most helpful.

    - Are the problems happening with specific websites or are they happening across a range of sites?

    - Are you running on Windows, Mac or Linux?

    - In Firefox, enter 'about:config' in the address bar, click through the warning, and then search for security.ssl.enable_false_start. Is this set to 'true'? If you change the setting to 'false' do the quirks and errors go away or reduce?

    Many thanks,
    Rich

Children
  • Hi Rich,

     

    I'm sorry that I won't be able to provide logs right now (I will do It later).

     

    Let's start with this:

     

    RichBaldry said:
    - In Firefox, enter 'about:config' in the address bar, click through the warning, and then search for security.ssl.enable_false_start. Is this set to 'true'? If you change the setting to 'false' do the quirks and errors go away or reduce?

    Already done that before, as I faced some errors with Firefox before, here's the topic.

    This fixed a lot of errors I had before, but there's still some others.

     

    RichBaldry said:
    - Are the problems visible when browsing, or are you just seeing errors being logged?

    The problems are visible, but on XG It doesn't show any errors, it shows as the session has successfully Decrypted. * Only on "SEC_ERROR_REUSED_ISSUER_AND_SERIAL"

     

    I'm getting: "PR_END_OF_FILE_ERROR" on certain websites, just on the first time accessing it, refreshing the page after It and It will load as expected.

    2020-01-21 12:21:01SSL/TLS inspectionmessageid="19006" log_type="SSL" log_component="SSL" log_subtype="Error" severity="Information" user="prismpc" src_ip="10.0.0.200" dst_ip="13.227.101.7" user_group="Clientless Open Group" src_country="R1" dst_country="USA" src_port="46662" dst_port="443" app_name="" app_id="0" category="Online Shopping" category_id="45" con_id="0" rule_id="3" profile_id="2" rule_name="Defauly Decrypt" profile_name="Block insecure SSL" bitmask="Valid" key_type="KEY_TYPE__RSA" fingerprint="36:07:b9:78:01:d0:df:3e:86:1c:68:5f:50:45:24:03:eb:4d:e8:dd" resumed="1" cert_chain_served="TRUE" cipher_suite="TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256" sni="www.mercadolivre.com.br" tls_version="TLS1.2" reason="Dropped due to TLS engine error" exception="" message=""

     

    I'm also getting a lot of "SEC_ERROR_REUSED_ISSUER_AND_SERIAL" It also depends on the website I'm accessing. Strange enough, this happens sometimes on Chrome, and give me no option to access the website anyway.

     

    RichBaldry said:
    - If the problems are visible when browsing, do you see errors being logged in the SSL/TLS log in log viewer? If so, could you send (in direct message) example log lines - the detail from the detailed log view would be most helpful.

    As stated before I will provide logs later (I will edit this post).

     

    RichBaldry said:
    - Are the problems happening with specific websites or are they happening across a range of sites?

    As stated before, It's only happening with specific websites.

     

    RichBaldry said:
    - Are you running on Windows, Mac or Linux?

    Linux on my computer, and Windows 10 on my notebook.

     

    Thanks!


    If a post solves your question use the 'Verify Answer' button.

    Ryzen 5600U + I226-V (KVM) v20 GA @ Home

    XG 115w Rev.3 8GB RAM v19.5 MR3 @ Travel Firewall

  •  

    I am having this issue since v18 EAP1 and this has been investigating by Sophos devs (I exchanged some logs and email with them). The issue is tracked under the NC-51956.

    https://community.sophos.com/products/xg-firewall/sfos-eap/sfos-v18-early-access-program/f/feedback-and-issues/115778/using-the-new-dpi-ssl-tsl-linkedin-does-not-open-with-firefox-on-mac

    I have tried the FF workaround to disable the ssl component in about:config but doe not help alot.

    Please create proper thread and do not use this thread as the topic is totally different.

    Regards