XG135 (SFOS 16.01.2) is blocking unknown protocol traffic by default

Hi,

Currently my device XG-135 is running on V16.01.2, and it is weird to see that it is blocking unknown protocol traffic, although the "Block unrecognized SSL protocol" option is disabled under Web --> Protection. Screenshots below for reference.

 

Please suggest how to resolve this issue. There was no such issue until V15 & V16; it all began after 16.01.2.



  • Hi Kumar,

    Restart the Web Proxy service from Administration > Services > Web proxy.

    Any help with that?

  • Hi Sachin,

    I have rebooted the device several times, but still no luck. The Block unrecognized option is unchecked, but I don't know what the issue is.

    Perhaps it's a bug in the version 16.01.2. Earlier there was no issue.

     

    Please suggest, should I disable the HTTPS Scan feature?

     

    Thanks,

    Kumar

  • Kumar,

    Are your patterns updated? I advise you to open a ticket with support.

    Keep us informed on that!

  • Hi Kumar,

    I will test this on our side today and let you know a workaround. I will also check out internally if the issue is already reported.

    Thanks

  • Hi Kumar,

    I am using the same settings on my test XG right now and everything works fine on my end. Is there any particular website that is causing this issue? Show us a few log lines from the advanced shell > awarrenhttp.log.

    Thanks

  • I have been receiving that error for some time, since before the current XG version was released.

    If it is blocked it must be a known protocol to block it, so how can it be an unknown protocol? Pity the error doesn't provide more details about the unknown protocol so you can locate the source or destination.

  • The "Block unrecognized SSL protocol" option is perhaps misnamed. There was some internal discussion about how to name/describe it simply and accurately. Basically there is traffic that is trying to use SSL protocols or ciphers that are known to be compromised or unsafe. For example, the XG supports TLS 1.0, 1.1, and 1.2. It does not support SSL 3.0 because that protocol is now considered unsafe. If a client tries to connect to a server using SSL 3.0 we have two choices - we can block it, or we can allow it and tunnel the traffic unscanned.

    To be clear - this is not blocking "unknown protocols", this is blocking "known but unsupported (due to being unsafe) SSL protocols". It only applies to SSL protocols.

    Turning this option off will allow access to old websites that do not have modern SSL implementations and which are much more likely to be hacked.

    Without knowing more about your situation, I couldn't tell you whether this option would even affect your traffic.
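
The decision described in the post above, sketched as an added example (not Sophos code and not from the original thread): it reads the protocol version out of a TLS hello message and applies the block-or-tunnel choice. The function names, the `scan` outcome for supported versions, and the sample bytes are assumptions made for illustration.

```python
import struct

# Versions the post says the XG supports; SSL 3.0 is known but unsupported.
SUPPORTED = {0x0301: "TLS 1.0", 0x0302: "TLS 1.1", 0x0303: "TLS 1.2"}
UNSUPPORTED = {0x0300: "SSL 3.0"}


def hello_version(record: bytes):
    """Return the 16-bit version from a ClientHello/ServerHello, else None."""
    if len(record) < 11:
        return None
    content_type, _rec_version, _rec_len = struct.unpack("!BHH", record[:5])
    msg_type = record[5]
    # 0x16 = handshake record; 0x01/0x02 = ClientHello/ServerHello
    if content_type != 0x16 or msg_type not in (0x01, 0x02):
        return None
    # Bytes 6-8 are the handshake length; the version follows at 9-10.
    return struct.unpack("!H", record[9:11])[0]


def decide(record: bytes, block_unrecognized: bool) -> str:
    """Model of the option: only SSL/TLS hellos are affected by it."""
    version = hello_version(record)
    if version is None:
        return "not-ssl"  # the option only applies to SSL protocols
    if version in SUPPORTED:
        return "scan"     # assumption: supported versions are proxied and scanned
    return "block" if block_unrecognized else "tunnel-unscanned"


def make_hello(version: int) -> bytes:
    """Constructed sample: the first bytes of a ClientHello with this version."""
    body = struct.pack("!H", version) + bytes(32)  # version + 32-byte random
    handshake = b"\x01" + len(body).to_bytes(3, "big") + body
    return b"\x16" + struct.pack("!HH", 0x0301, len(handshake)) + handshake


if __name__ == "__main__":
    for v in (0x0300, 0x0301, 0x0303):
        name = {**SUPPORTED, **UNSUPPORTED}[v]
        for option in (True, False):
            print(f"{name:8} option={option!s:5} -> {decide(make_hello(v), option)}")
```
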

  • Hi Luk,

    Opened a support ticket, reference number is [#6847577].

    Let us see what explanation is given by the support guys.

     

    Thanks,

    Kumar

  • Hi Sachin,

    Yes, it is a particular website, i.e. that of our organization, with Server IP - 220.227.24.121. It is being blocked, although all the site URLs pertaining to our organization are added under exception, but I don't know why there is such an issue.

    Please suggest.

     

    Thanks,

    Kumar 

  • Hi Kumar,

    DM me the URL and a screenshot of the block or error page that you receive. Show me a picture of the HTTPS exception policy and the configured URL(s).

    Thanks