LuisSP
Iron

Ordering bypass rules

Hello CheckMates! I have a client with an NGFW 1490; the enabled blades are:

  • AppCtrl & UrlF
  • UsrAw
  • IPS
  • AV
  • AB
  • VPN RemAcc
  • Beside https categorization

The version is R77.20.85 (990172755).

Recently I activated SSL inspection, which had been activated some time ago for only a short period because of drawbacks when browsing the internet.

Now, the problems seen previously are mostly resolved with build 990172755 (I know that update R77.20.86 exists).

However, now there is a new issue: some HTTPS web sites show time-out errors in browsers (Chrome, Mozilla, Edge). Such errors were not shown before, that is, with SSL inspection disabled.

The DNS server is local. I even put the IP address and domain name of the troublesome web sites in the hosts file (on the Windows PCs) to resolve them locally on the client, but the issue persists.

Lastly, I added an exception for these web sites, but I don't think that is the best idea.

 

Can you help me please?

2 Replies
Admin
Admin

Re: Ordering bypass rules

Are these by chance HTTPS sites that might be blocked by your policy?
Any clues in the logs or using tcpdump/fw monitor?
LuisSP
Iron

Re: Ordering bypass rules

I failed to mention that it is possible to access these sites and navigate through them, but the time-out error constantly appears.

Also, although less consistently, I already reported that the error appears with the Gmail portal, which is one of the most used in the company.

Tonight I will run fw monitor to be able to answer your question, although it will not be under the normal traffic load.
