Bug in SSL filtering?

I am having problems accessing a web page when SSL scanning on the Sophos UTM is set to 'decrypt and scan'. When I change this to 'URL filtering only' the page displays OK and I am able to log in to the web page.
I have only come across one URL where this is a problem, but no doubt other URLs may be affected also.

The URL in question is:

http://www.capitalone.co.uk/web/sign-in.jsf

I have tried adding the capitalone.co.uk domain to the list of allowed websites, however this does not resolve the problem.
Can anyone advise me as to any additional configuration settings I could change so I can view this page with SSL scanning set to 'decrypt and scan', or is this a bug that can only be resolved with updated firmware? 

thanks,

Richard


This thread was automatically locked due to age.
  • Hey,

    Have you tried adding an exception under web protection filtering options? This way you can disable SSL scanning and other options for that site.

    I think putting the site in the allowed list won't do anything if the site isn't blocked under a specific category.
  • Many credit card sites (and other high-risk sites) do not work with SSL scanning enabled, and an Exception to skip SSL scanning for the site would be required to fix that issue. I know that some sites include code/detection systems that detect "man in the middle" SSL attacks, and that causes problems, as, essentially, that's what the UTM does to do SSL scanning.

    CTO, Convergent Information Security Solutions, LLC

    https://www.convergesecurity.com

    Advice given as posted on this forum does not construe a support relationship or other relationship with Convergent Information Security Solutions, LLC or its subsidiaries.  Use the advice given at your own risk.
