Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
Ihenock1011
Advisor

Url filtering detects

Hi All,

I have an R81.10 security gateway in VSX mode, and URL/Application filtering is enabled. The URL is explicitly allowed in the app/URL filtering rule base. However, the URL filtering indicates the detection of one of the URLs and reports an untrusted certificate, even though it is a valid certificate. This issue is blocking users from accessing the site. What should I check in order to resolve this?

Thanks,

0 Kudos
8 Replies
the_rock
Legend
Legend

Hey @Ihenock1011 ,

Are you able to send a screenshot? I have real good https inspection lab going in R81.20, so can also do a quick test if needed. Please blur out any sensitive info mate.

Best,

Andy

0 Kudos
Ihenock1011
Advisor

@the_rock 

sure, Attached is the screenshot for the specific log.

 

 

0 Kudos
the_rock
Legend
Legend

I know customer had an issue like this 2 years ago, I will check my notes later and see what was the solution.

Andy

0 Kudos
emmap
Employee
Employee

Is it a public website? Is it a valid certificate publically or for your domain? 

0 Kudos
Ihenock1011
Advisor

@emmap  Yes, its SWIFT's cloud service.

https://tracker.browse.swiftnet.sipn.swift.com

 

0 Kudos
emmap
Employee
Employee

When I load that link I get an invalid CA error in Chrome, and viewing the cert it doesn't look like it was issued by any publicly trusted CA. It looks like this is a valid determination by the gateway. To get around this you'll have to do an IP based bypass, which might be a challenge depending on where/how the service is hosted.Annotation 2024-01-16 173237.png

 
0 Kudos
the_rock
Legend
Legend

I see what @emmap is saying, its definitely NOT issues by valid trusted CA authority.

Best,

Andy

0 Kudos
the_rock
Legend
Legend

This is what customer told me back in 2023 when they had this issue, but again, not sure if this might be the case with you...

Andy

***********

We found the problem. I’m not sure how this happened but looks like we were missing the SAN (Subject Alternative Name in the certificate).

******************

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

Upcoming Events

    CheckMates Events