Guest User!

You are not Sophos Staff.

Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 6 replies
  • Subscribers 26 subscribers
  • Views 16480 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

How do I disable HTTPS MITM on the XG Device?

RobertHafner

On the UTM devices this is trivial to do- I just hit a checkbox and it stops hijacking the SSL traffic.

On the XG devices I can't find the option to do this. As far as i can tell I've disabled it in every place possible, but it's still forcing the users to go over it's MITM HTTPS which is breaking connections on our site.



This thread was automatically locked due to age.
  • 0

    Robert,

    if on your Firewall rules you are using Decrypt and Scan is not enabled, try to restart the tomcat service from advanced shell (CLI >option 5 > option 3) and run the following command:

    service tomcat:restart -dsnosync

    and try again.

    Let us know.

    Thanks

  • 0

    I called support to get help and now both of my devices are bricks- completely dead. Since your company doesn't offer next day shipping for replacement devices I have to close the company until Monday at the earliest. Since you've removed the ability to flash the firmware without user input (a feature that existed on UTM) there is literally no way for me to fix the paperweights in the office. Further, your company refused to send me the UTMs instead of the XG (a request I made due to how bad the XG units are).

    So I guess I'll try your advice next week when the replacement devices have shown up. I have to say I'm really disappointed in this company and will likely not be purchasing anything from it again.

  • 0 in reply to RobertHafner

    Robert,

    this is something that should never happen! I do not know what the Support did but maybe discovered that something was wrong. Both appliances at the same time?

    This is strange!

    XG has to improve on stability and resolve several issues that exist at the moment.

    , can you investigate and contact Robert for this situation?

    Thanks

  • 0

    The machines are actually up now, it just took some power cycling. We managed to get some assistance from support as well so the HTTPS issue has been resolved (although I'm not entirely sure why it was stuck on to begin with, and another of the engineers at my company ended up dealing with it).

  • 0 in reply to lferrara

    Hi Robert,

    I didn't quite understand your question so I would still require some more insight on that. If the devices are bricked, I would recommend you to contact your Sophos Partner to provide you a spare device. Out of the box, we are investing our sources in the XG to improve its functionality further. 

    Let me know if I can help you in any way.

    Thanks

  • 0 in reply to sachingurung

    1. We thought the devices were bricked because they wouldn't come back from a reboot. One of our engineers attempted to power cycle them multiple times and eventually they came back up. We have no idea why they failed to come back up originally.

    2. We worked with support to resolve the HTTPS decryption issue. It's really disappointing that there isn't a quick UI change for this like in the UTM, but eventually we got it figured out.

    Now we're stuck with a third problem-

    3. All HTTPS traffic is stalling at "establishing secure connection" for about 20 seconds before it allows the connection through. It seems that the proxy is still hijacking this traffic, just not decrypting it, but for some reason the proxy performance is also miserable now. As a result all of our users can browse the internet but only with horrible performance. When we bypass the XG devices and connect directly to the internet, or connect to one of our locally hosted sites, the problem goes away.