This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Best way to avoid certificate error?

Hi Guys,

What is the best way to avoid Certificate error when using Web Filtering and accessing https website?

Currently using transparent mode (no authentication for windows and SSO for IOS) when SSO was activated for windows, I was also getting errors regarding passthrough.fw-notify.net.

Can this be fixed by uploading a public certificate? Shouldn't it resolve to the fqdn of the UTM instead?

This thread was automatically locked due to age.

Parents

0 Michael Dunn over 10 years ago

If I recall correctly, if you are using AD SSO and you access an HTTPS site first, the following occurs:

- The system cannot perform AD SSO for HTTPS
- The system will use the "last known user" for that IP during policy selection
- The first time that the user goes to an HTTP site it will authenticate

- If there is no "last known user" (eg no user has authenticate ever from this IP) then it uses first policy that applies to all users. The cache of last known users is I think reset on proxy restart.
Cancel
Vote Up 0 Vote Down

Cancel

Reply

0 Michael Dunn over 10 years ago

If I recall correctly, if you are using AD SSO and you access an HTTPS site first, the following occurs:

- The system cannot perform AD SSO for HTTPS
- The system will use the "last known user" for that IP during policy selection
- The first time that the user goes to an HTTP site it will authenticate

- If there is no "last known user" (eg no user has authenticate ever from this IP) then it uses first policy that applies to all users. The cache of last known users is I think reset on proxy restart.
Cancel
Vote Up 0 Vote Down

Cancel

Children

No Data