I’m running into some issues with the transparent proxy and HTTPS scanning and have some general questions that I have not been able to find answers to yet. I’m running version 8.203.
From what I understand, because I’m running the transparent proxy, the Exceptions tab under Web Filtering won’t help me and I need to use the Advanced tab to enter in destinations to be skipped. Can I use wildcards in a “DNS host” network definition that will be added to the transparent mode skip box? I’ve tried entering *.dropbox.com, *.logmein.com, and psi.secunia.com, but it hasn’t helped. I also found the network IP destinations for LogMeIn, placed them in a network group, and added them to the list. That didn’t help either. I’m not sure what I’m missing. I just want to exclude some websites and addresses from the proxy all together.
Here is some information from my logs.
2012:01:05-11:12:33 Firewall httpproxy[6092]: id="0002" severity="info" sys="SecureWeb" sub="http" name="web request blocked" action="block" method="" srcip="192.168.1.10" dstip="" user="" statuscode="502" cached="0" profile="REF_DefaultHTTPProfile (Default Proxy)" filteraction=" ()" size="0" request="0x938ab80" url="91.198.117.248" exceptions="" error="Failed to verify server certificate"
2012:01:05-11:16:37 Firewall httpproxy[6092]: id="0002" severity="info" sys="SecureWeb" sub="http" name="web request blocked" action="block" method="" srcip="192.168.1.10" dstip="" user="" statuscode="502" cached="0" profile="REF_DefaultHTTPProfile (Default Proxy)" filteraction=" ()" size="0" request="0x9372cf0" url="91.198.117.248" exceptions="" error="Failed to verify server certificate"
2012:01:05-11:03:19 Firewall httpproxy[6092]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="" srcip="192.168.1.10" dstip="" user="" statuscode="000" cached="0" profile="REF_DefaultHTTPProfile (Default Proxy)" filteraction=" ()" size="0" request="0x933f190" url="199.47.217.173" exceptions="" error=""
2012:01:05-11:03:19 Firewall httpproxy[6092]: id="0003" severity="info" sys="SecureWeb" sub="http" request="0x933fa00" function="ssl_log_errors" file="ssl.c" line="50" message="C 192.168.1.10: 3004250992:error:14094418:SSL routines:SSL3_READ_BYTES:tlsv1 alert unknown ca:s3_pkt.c:1087:SSL alert number 48
2012:01:05-11:03:19 Firewall httpproxy[6092]: id="0003" severity="info" sys="SecureWeb" sub="http" request="0x933fa00" function="ssl_log_errors" file="ssl.c" line="50" message="C 192.168.1.10: 3004250992:error:140940E5:SSL routines:SSL3_READ_BYTES:ssl handshake failure:s3_pkt.c:838:
Since the public IP is listed and not the URL, am I required to add the IP to the skip list? I’m not sure why it wouldn’t show the URL.
Thanks for any help in advance.
--------------------
Through more troubleshooting, I found that the service definition I selected was DNS host instead of DNS group. When I created a DNS group for psi.secunia.com, multiple IPs were detected for the hostname. I've added that to the skip list, but will have to check the status when I get home. There are no more log entries for blocked psi.secunia.com though.
I'm still having trouble with *.dropbox.com yet (logs still show block messages). I don't think I can use the wildcard for the DNS group definition. Maybe this can be done somewhere else?
This thread was automatically locked due to age.
