Welcome to the Sophos User Bulletin Board.
If this is your first visit, be sure to check out the FAQ by clicking the link above. You may have to register before you can post: click the register link above to proceed. To start viewing messages, select the forum that you want to visit from the selection below.

Reply
 
LinkBack Thread Tools Display Modes
Senior Member
Join Date: Apr 2012
Posts: 332
#1 (permalink)  
Old 11-19-2012, 07:34 PM
Question SSL and https://www.gmail.com

I am using Proxy Profile Scan with HTTPS (SSL) traffic. All locks work properly, except for https://www.gmail.com where a message appears asking you to confirm the certificate.

After the message, the lock works!

Does anyone know why this behavior? The problem does not occur for https://mail.google.com.
Attached Images
File Type: jpg gmail.jpg (36.3 KB, 26 views)
File Type: jpg gmail2.jpg (39.2 KB, 25 views)
Reply With Quote
Wizard
Join Date: Jul 2008
Location: Pune - India
Posts: 2,771
#2 (permalink)  
Old 11-20-2012, 03:10 AM
Default

Hello ,

its seems its again issuse of url filtering " information and Communication" /uncheck web mail ,url filtering categories from information and communcation

if you look at your image gmail2 it will give idea by reporting web mail not allowed

btw:did you import ssl certification /ssl proxy in your browser

you can also try mail.gooogle.com




2012:11:20-09:28:18 acenn httpproxy[4970]: id="0060" severity="info" sys="SecureWeb" sub="http" name="web request blocked, forbidden category detected" action="block" method="GET" srcip="192.168.2.110" dstip="" user="" statuscode="403" cached="0" profile="REF_DefaultHTTPProfile (Default Proxy)" filteraction="REF_DefaultHTTPCFFAction (Default content filter action)" size="3094" request="0x123a2418" url="https://mail.google.com/mail/" exceptions="" error="" reason="category" category="156" reputation="trusted" categoryname="Web Mail"

thx
Reply With Quote
Senior Member
Join Date: Apr 2012
Posts: 332
#3 (permalink)  
Old 11-20-2012, 09:12 AM
Default

Quote:
Originally Posted by utm_kid View Post
Hello ,

its seems its again issuse of url filtering " information and Communication" /uncheck web mail ,url filtering categories from information and communcation

if you look at your image gmail2 it will give idea by reporting web mail not allowed

btw:did you import ssl certification /ssl proxy in your browser

you can also try mail.gooogle.com




2012:11:20-09:28:18 acenn httpproxy[4970]: id="0060" severity="info" sys="SecureWeb" sub="http" name="web request blocked, forbidden category detected" action="block" method="GET" srcip="192.168.2.110" dstip="" user="" statuscode="403" cached="0" profile="REF_DefaultHTTPProfile (Default Proxy)" filteraction="REF_DefaultHTTPCFFAction (Default content filter action)" size="3094" request="0x123a2418" url="https://mail.google.com/mail/" exceptions="" error="" reason="category" category="156" reputation="trusted" categoryname="Web Mail"

thx
I really want to filter the category Webmail via https (scan) and the certificate has been imported into my browser.

My doubt is because https://www.gmail.com show the certificate invalid and not for https://mail.google.com?

Last edited by Siarom; 11-20-2012 at 10:24 AM.
Reply With Quote
Wizard
Join Date: May 2003
Location: Brunswick, Maryland, USA
Posts: 7,135
#4 (permalink)  
Old 11-20-2012, 11:13 AM
Default

some sites can properly detect the astaro sitting in the middle of what is supposed to be a dedicated connection..
__________________
Owner: Emmanuel Technology Consulting
http://www.etc-md.com
My Installed Configs
Microsoft Partner
Sophos Silver Solution Reseller
Sophos Certified Architect - UTM
Reply With Quote
BrucekConvergent's Avatar
Master of Reality
Join Date: Oct 2005
Location: SC, USA
Posts: 4,874
#5 (permalink)  
Old 11-20-2012, 02:57 PM
Default

Quote:
Originally Posted by William View Post
some sites can properly detect the astaro sitting in the middle of what is supposed to be a dedicated connection..
And for these sites, you have to disable SSL scanning (via exception).
__________________
Convergent Information Security Solutions, LLC
Sophos Platinum Solution Partner
Reply With Quote
Wizard
Join Date: May 2003
Location: Brunswick, Maryland, USA
Posts: 7,135
#6 (permalink)  
Old 11-20-2012, 04:57 PM
Default

yeppers..too true
__________________
Owner: Emmanuel Technology Consulting
http://www.etc-md.com
My Installed Configs
Microsoft Partner
Sophos Silver Solution Reseller
Sophos Certified Architect - UTM
Reply With Quote
Reply

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are On



All times are GMT. The time now is 05:58 PM.


Powered by vBulletin® Version 3.8.6
Copyright ©2000 - 2015, Jelsoft Enterprises Ltd.

These pages are specifically maintained for the discussion of firewall issues within the Open Source community, and might already reflect new alpha/beta releases under development. Please refer to our product specifications for the functionality of the actual release. Discussions of new/enhanced functionality does not constitute a commitment of Astaro, to integrate this functionality into future releases.