Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 13 replies
  • Subscribers 1 subscriber
  • Views 3763 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

client is not able to connect when https scan is on

testdlp
Hi 
   I am new in astaro I am using ASG 8.0 . I have to use astaro gateway between client and server using https and certificate based authentication for
communication .but if I checked the SSl scan in web security.then client is not able to connect the server.
Can anybody resolve my problem

Thanks,


This thread was automatically locked due to age.
  • 0 in reply to Scott_Klassen
    Let's try this:  In the HTTPS proxy, go to the HTTPS CAs Tab and upload the certificate.  See the attached screenshot.  If we're lucky, it'll work.

    If not, and the suggestions to use proxy profiles for different modes for the client, exceptions, or the skip list won't work for you, then you may be best off contacting your reseller.  If allowed to, they would be able to remote into your system, or if local, come onsite for a service call.


    I would not upload a certificate to ASG proxy, if it's used to authenticate a client.

    If proxy is running in transparent mode, add a exception in the transparent skiplist for the server, in standard mode a ssl skip exception...
  • 0
    @Sascha Paris:  We've already been over those points.  For whatever insane reason, he will not do either of these.
    __________________
    ACE v8/SCA v9.3

    ...still have a v5 install disk in a box somewhere.

    http://xkcd.com
    http://www.tedgoff.com/mb
    http://www.projectcartoon.com/cartoon/1
  • 0
    testdlp, these guys each know a lot.  I have a client with Citrix servers in a co-location that run a client-server app.  There's no reason to run their traffic through the proxy, so it goes directly via packet filter rules.  This is, in essence, what Scott and Sascha are suggesting to you.

    Cheers - Bob
     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA