Google Drive not working after enabling HTTPS scan

Yesterday I pushed the CA Root Cert to my clients using Group Policy, then later enabled HTTPS decrypt and scan for them. So far everything seems to be working well, except Google Drive for PC. It simply will not connect.

I added my test client to the "Transparent mode skiplist", and then it started working fine, so I know it is something in the Web Protection filter that is causing the issue. I have tried adding Exceptions for many Google Drive related URLs (listed here: https://support.google.com/drive/answer/2589954?hl=en) and adding DNS host groups for "drive.google.com" to the destination host skiplist, both with no luck.

Has anyone experienced this issue? Any thoughts?

Thanks,
Tom


  • Before you do the hard-core stuff, consider #1 in Rulz.  Any hints in those logs?

    It's not possible for the proxy to block without recording that in the logs - unless you've de-selected that in WebAdmin.  In the Web Filtering Live Log, put the IP of the test PC in the Filter box so that you can just watch traffic from it.  Any luck?

    Cheers - Bob


  • (Sorry for the slow reply. I've been out of town.)

    "Log blocked pages" is checked in all of my content filter action profiles.

    With HTTPS Decrypt & Scan turned on, the ONLY log entry I see when starting Google Drive is a DNS request from the client to my internal DNS server.

    With HTTPS Decrypt & Scan turned off, I see these entries in the Web Filtering log:

    2015:02:19-09:17:11 sophos httpproxy[5580]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="CONNECT" srcip="192.168.5.41" dstip="74.125.21.84" user="" ad_domain="" statuscode="200" cached="0" profile="REF_HttProContaStaffNetwo4 (Test Student)" filteraction="REF_HttCffStudeConteFilte (Student content filter action)" size="18603" request="0xc09b8000" url="https://74.125.21.84/" referer="" error="" authtime="0" dnstime="0" cattime="142" avscantime="0" fullreqtime="265017" device="0" auth="0" ua="" exceptions="" category="178" reputation="neutral" categoryname="Internet Services"
    
    2015:02:19-09:17:17 sophos httpproxy[5580]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="GET" srcip="192.168.5.41" dstip="23.4.43.27" user="" ad_domain="" statuscode="200" cached="0" profile="REF_HttProContaStaffNetwo4 (Test Student)" filteraction="REF_HttCffStudeConteFilte (Student content filter action)" size="1363" request="0xd81d1800" url="http://g.symcd.com/MEQwQjBAMD4wPDAJBgUrDgMCGgUABBSxtDkXkBa3l3lQEfFgudSiPNvt7gQUAPkqw0GRtsnCuD5V8sCXEROgByACAwI6dg%3D%3D" referer="" error="" authtime="0" dnstime="31331" cattime="40380" avscantime="935" fullreqtime="146485" device="0" auth="0" ua="Microsoft-CryptoAPI/6.1" exceptions="" category="175" reputation="trusted" categoryname="Software/Hardware" content-type="application/x-x509-ca-cert"
    2015:02:19-09:17:18 sophos httpproxy[5580]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="GET" srcip="192.168.5.41" dstip="74.125.21.100" user="" ad_domain="" statuscode="200" cached="0" profile="REF_HttProContaStaffNetwo4 (Test Student)" filteraction="REF_HttCffStudeConteFilte (Student content filter action)" size="463" request="0xd54d8800" url="http://clients1.google.com/ocsp/MEkwRzBFMEMwQTAJBgUrDgMCGgUABBTy4Gr5hYodjXCbSRkjeqm1Gih%2BZAQUSt0GFhu89mi1dvWBtrtiGrpagS8CCE9lC%2Fbj8vhQ" referer="" error="" authtime="0" dnstime="549" cattime="40553" avscantime="1160" fullreqtime="107421" device="0" auth="0" ua="Microsoft-CryptoAPI/6.1" exceptions="" category="178" reputation="neutral" categoryname="Internet Services" application="google" app-id="182" content-type="application/x-x509-ca-cert"
    2015:02:19-09:19:14 sophos httpproxy[5580]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="CONNECT" srcip="192.168.5.41" dstip="74.125.21.84" user="" ad_domain="" statuscode="200" cached="0" profile="REF_HttProContaStaffNetwo4 (Test Student)" filteraction="REF_HttCffStudeConteFilte (Student content filter action)" size="28639" request="0xdbf62000" url="https://accounts.google.com/" referer="" error="" authtime="0" dnstime="4" cattime="115" avscantime="0" fullreqtime="118261088" device="0" auth="0" ua="" exceptions="" category="178" reputation="trusted" categoryname="Internet Services" application="google" app-id="182"
    2015:02:19-09:21:11 sophos httpproxy[5580]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="CONNECT" srcip="192.168.5.41" dstip="74.125.21.84" user="" ad_domain="" statuscode="200" cached="0" profile="REF_HttProContaStaffNetwo4 (Test Student)" filteraction="REF_HttCffStudeConteFilte (Student content filter action)" size="6422" request="0xcd223000" url="https://74.125.21.84/" referer="" error="" authtime="0" dnstime="1" cattime="44013" avscantime="0" fullreqtime="240391285" device="0" auth="0" ua="" exceptions="" category="178" reputation="neutral" categoryname="Internet Services"
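
Added example, not part of the original thread: a small Python parser for the httpproxy key="value" log format shown above. It filters entries by client IP (the offline equivalent of the Live Log Filter box) and flags CONNECT entries whose url field holds an IP literal rather than a hostname. The sample lines are abridged from the post, with one constructed line from a second client; the function names are hypothetical.

```python
import ipaddress
import re
from urllib.parse import urlsplit

# key="value" pairs that follow the "httpproxy[pid]:" prefix
PAIR = re.compile(r'([\w-]+)="([^"]*)"')

# Constructed sample: three entries abridged from the post, plus one
# made-up line from a second client (192.168.5.99) to exercise the filter.
SAMPLE = '''\
2015:02:19-09:17:11 sophos httpproxy[5580]: id="0001" action="pass" method="CONNECT" srcip="192.168.5.41" dstip="74.125.21.84" url="https://74.125.21.84/" exceptions=""
2015:02:19-09:17:18 sophos httpproxy[5580]: id="0001" action="pass" method="GET" srcip="192.168.5.41" dstip="74.125.21.100" url="http://clients1.google.com/ocsp/" exceptions="" app-id="182"
2015:02:19-09:18:02 sophos httpproxy[5580]: id="0001" action="pass" method="GET" srcip="192.168.5.99" dstip="192.0.2.10" url="http://example.com/" exceptions=""
2015:02:19-09:19:14 sophos httpproxy[5580]: id="0001" action="pass" method="CONNECT" srcip="192.168.5.41" dstip="74.125.21.84" url="https://accounts.google.com/" exceptions=""
'''

def parse_line(line):
    """Return the key="value" fields of one httpproxy line, or None."""
    if "httpproxy[" not in line:
        return None
    return dict(PAIR.findall(line)) or None

def host_is_ip(host):
    """True when the logged host is an IP literal, not a DNS name."""
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False

def client_summary(log_text, srcip):
    """One row per log entry from srcip, in log order."""
    rows = []
    for line in log_text.splitlines():
        fields = parse_line(line)
        if not fields or fields.get("srcip") != srcip:
            continue
        host = urlsplit(fields.get("url", "")).hostname or ""
        rows.append({"time": line.split(" ", 1)[0],
                     "method": fields.get("method", ""),
                     "action": fields.get("action", ""),
                     "host": host, "ip_only": host_is_ip(host),
                     "exceptions": fields.get("exceptions", "")})
    return rows

def https_by_ip(rows):
    """CONNECT entries logged with an IP literal instead of a hostname."""
    return [r for r in rows if r["method"] == "CONNECT" and r["ip_only"]]

if __name__ == "__main__":
    for row in client_summary(SAMPLE, "192.168.5.41"):
        print(row)
```
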