Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
Pvalderrama
Explorer

Traffic to domain excepted is still blocked

Hello friends,

Nice to greet you all.

I need your help. I have the following problem. I need to access the website "usage.projectcalico.org" I have enabled it by regex and by fqdn, and the log also shows the domain *r.cloudfront.net, which I have also enabled by wildcard regex "*r.cloudfront .net" .... but the lock remains. It can be seen in the "SNI" column that contains the domain that I want to enable. Also, I have enabled a bypass rule in SSL inspection, but the blocking persists. Has anyone else had this problem and know how to fix it? I attach the evidence image.

0 Kudos
5 Replies
the_rock
Legend
Legend

Can you try by allowing custom app site and try *projectcalico* and also bypass that in https inspection policy.

0 Kudos
PhoneBoy
Admin
Admin

What version/JHF level are you running?
We only use Verified SNI if you’re on R80.40 or above.
In R80.30 or R80.20, you need to be on a specific JHF level AND have HTTPS Inspection enabled. 

0 Kudos
Pvalderrama
Explorer

Hi, friend. Thank you very much for the reply. I have version r81.10

0 Kudos
Blason_R
Leader
Leader

Did you try creating a domain object/FQDN Object? and keeping same dns on firewall which is kept at user level?

Thanks and Regards,
Blason R
CCSA,CCSE,CCCS
0 Kudos
G_W_Albrecht
Legend Legend
Legend

 

usage.projectcalico.org is not available in firefox also without CP GW:

 

Headers:
 
Connection keep-alive
Content-Length 23
Content-Type application/json
Date Mon, 05 Dec 2022 14:41:39 GMT
Via 1.1 42c9dddb4e518a9ed3248bf50565b120.cloudfront.net (CloudFront)
X-Amz-Cf-Id zk4XqztmW584JeeKX51WBO5Umsg8Jmn1oJT4RPQUFHKWu8oY8CiG3w==
X-Amz-Cf-Pop VIE50-C2
X-Cache Error from cloudfront
x-amz-apigw-id crVtpFdMNjMFoYg=
x-amzn-ErrorType ForbiddenException
x-amzn-RequestId 7af7c8f5-4dde-40bd-b8e4-ad09ae2f7c11
 
Accept text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Encoding gzip, deflate, br
Accept-Language de,en-US;q=0.7,en;q=0.3
Connection keep-alive
DNT 1
Host usage.projectcalico.org
Sec-Fetch-Dest document
Sec-Fetch-Mode navigate
Sec-Fetch-Site none
Sec-Fetch-User ?1
Upgrade-Insecure-Requests 1
User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:107.0) Gecko/20100101 Firefox/107.0
CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist
0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

Upcoming Events

    CheckMates Events