Hi, we have the HTTP/S proxy set to transparent but we do not currently want HTTPS traffic checked. Is there a way to exclude HTTPS traffic so it can be viewed in a browser etc?
In "Transparent" mode, HTTPS traffic is not handled by the proxy unless 'Scan HTTPS (SSL) Traffic' is checked on the 'Global' tab.
Usually, when people first install Astaro, they cause the setup wizard to create a packet filter rule like 'Internal (Network) -> Web Surfing -> Any : Allow', and that includes HTTPS traffic. If that rule isn't active, then you at least would need a packet filter rule like 'Internal (Network) -> HTTPS -> Internet : Allow'.
Cheers - Bob
Sophos UTM Community Moderator Sophos Certified Architect - UTM Sophos Certified Engineer - XG Gold Solution Partner since 2005
In "Transparent" mode, HTTPS traffic is not handled by the proxy unless 'Scan HTTPS (SSL) Traffic' is checked on the 'Global' tab.
Usually, when people first install Astaro, they cause the setup wizard to create a packet filter rule like 'Internal (Network) -> Web Surfing -> Any : Allow', and that includes HTTPS traffic. If that rule isn't active, then you at least would need a packet filter rule like 'Internal (Network) -> HTTPS -> Internet : Allow'.
Cheers - Bob
Hi Bob,
thanks for the reply. I created the said filter rule but the pages still will not load. I have "Scan HTTPS (SSL) Traffic" unticked and the packet filter rule is set as All > HTTPS > ALL = Allow. Have selected All just for now for testing purposes.
Hi. Did you by chance change the service definition for https? Default drop means nothing on the Pf rule list is matching so it goes to the base Rule you can't see which is to drop everything. Also, try internal (network) as your source.
Forgot to mention. I say try internal network or even 'any' since I'm not sure if 'All' which you referenced is your own creation or you meant our ANY
Hi Angelo,
i havent changed the service definition, this is on a clean install of the software. Yes, when i say ALL i meant the built in ANY rule. To test this out, i even set the following packet filter rule: ANY > ANY > ANY = Allow and yet no HTTPS traffic goes through. With that setting shouldnt all traffic be allowed through?
Do I have to mention, that ANY - ANY - ANY is bad, if a Internet connection is connected ? [:D]
However, usual failure if packetfilterrule to Internet does not work is, that you have forgot to create a masquerading rule under Network Security / NAT
Do I have to mention, that ANY - ANY - ANY is bad, if a Internet connection is connected ? [:D]
However, usual failure if packetfilterrule to Internet does not work is, that you have forgot to create a masquerading rule under Network Security / NAT
Lol, yep, i only used this for testing, is turned off at the moment.
Masquerading rule it was, created the rule as Internal > External. Packet filter rule is now set as Internal > HTTPS > Internet IPv4 = Allow and HTTPS pages now load. Thanks alot Sascha [:)]
Sorry, also, i only have the one packet filter rule at the moment for the HTTPS traffic. Do i need to setup another packet filter to deny any incoming traffic or would this happen by default as there is no inbound rule setup at the moment? Thanks.
