30th January 2014, 10:57 AM #1
Smoothwall proxy / HTTPS issue
We have a Smoothwall 3 proxy on our BYOD network. It is transparently filtering web access. We have found that it will not pass HTTPS / 443 traffic on BYOD machines. If you go in to the browser on the machine and explicitly enter the proxy in Connections > LAN Settings, you can access HTTPS sites. Remove this entry, and have it work 'transparently', and HTTPS stops. There are no errors or block pages displayed on the BYOD device, it just sits there and eventually times out. Any ideas as to why this is?
30th January 2014, 11:04 AM #2
BYOD device isn't Windows XP or aged Android, is it?
30th January 2014, 11:15 AM #3
Under testing, it's a Server 08R2 box. Have tested with IE, Chrome, and FF.
Same situation with Mac OS 10.6 / Safari 5.1.7
Last edited by iSteve; 30th January 2014 at 11:37 AM.
30th January 2014, 04:25 PM #4
I thought SSL didn't work transparently without pushing the proxy server setting through a PAC or WPAD file.
30th January 2014, 06:11 PM #5
I presume we should set the BYOD DHCP to set option 252 for WPAD pointing to a PAC file?
Last edited by iSteve; 30th January 2014 at 10:00 PM.
Reason: ....think I answered my own question
31st January 2014, 12:34 PM #6
I've been having a play this morning. We've switched to IPCop in its standard form without Advanced Proxy or any other bells and whistles.
I have created wpad.dat and proxy.pac files; they are hosted on the IPCop machine, which is listening on port 80. Telling IE to use this PAC file works. I have then set the hosts file of the IPCop machine to have wpad > 172.16.0.1, so I can point things to http://wpad/proxy.pac for the file.
Now...things start to get messy...
Transparent proxying is turned OFF, so I am forcing things to use the PAC etc.
I have tried to pass option 252 in the dhcpmasq file; however, it seems that Windows machines don't request this according to the DHCP logs. If you set the Windows machine to Auto Detect Settings, it seems happy. HTTP and HTTPS work.
I have a MacBook on 10.6 which ignores everything I tell it to use (auto, PAC), but is happy with explicit entries.
iPhone with iOS6 - unhappy with PAC, doesn't request option 252.
Turning on transparent proxy, everything connects on HTTP but not HTTPS - as expected.
Does anyone have a solution working where BYOD users can get HTTPS sites? Help!
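A PAC file of the kind post #6 describes, as an added example that is not part of the thread or any poster's own configuration. Assumptions: the proxy port 8080 is a placeholder (the thread gives only the address 172.16.0.1), and local or private destinations are meant to bypass the filter.

```javascript
// Added example: proxy.pac / wpad.dat for the setup described in post #6.
// 172.16.0.1 is the proxy address from the post; port 8080 is an ASSUMED
// placeholder, replace it with the port the proxy actually listens on.
var PROXY = "PROXY 172.16.0.1:8080";

// True for IPv4 literals in RFC 1918 space. Works on the string only, so it
// never triggers a DNS lookup the way isInNet(host, ...) on a name would.
function isPrivateV4(host) {
  var m = /^(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})$/.exec(host);
  if (!m) return false;
  var a = Number(m[1]), b = Number(m[2]);
  return a === 10 || (a === 172 && b >= 16 && b <= 31) || (a === 192 && b === 168);
}

function FindProxyForURL(url, host) {
  host = host.toLowerCase();
  var scheme = url.toLowerCase().split(":")[0];

  // Dotless names (e.g. "wpad", so http://wpad/proxy.pac is fetched directly)
  // and private IP literals stay on the local network. ASSUMPTION: local
  // resources should bypass the filter. IPv6 literals are not treated as local.
  var dotless = host.indexOf(".") === -1 && host.indexOf(":") === -1;
  if (dotless || isPrivateV4(host)) return "DIRECT";

  // With an explicit proxy the browser sends "CONNECT host:443" for https://
  // URLs, so the proxy learns the destination and can filter on hostname
  // without decrypting the session or presenting its own certificate.
  if (scheme === "http" || scheme === "https") {
    // No "; DIRECT" fallback: if the proxy is down, browsing fails closed
    // instead of silently bypassing the filter.
    return PROXY;
  }

  // Anything else (ftp:, etc.) is left to firewall rules.
  return "DIRECT";
}
```

Serve the file with the MIME type `application/x-ns-proxy-autoconfig`, which some clients require before they will accept it.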
2nd February 2014, 11:05 PM #7
Transparent proxying/filtering of HTTPS will send an invalid certificate (from the router) the client must first trust, as it has to do deep packet inspection (if supported). Basically the destination address can't be read from the connection packet as it's encrypted, so it has to decrypt and re-encrypt data. I don't have a Smoothwall but a FortiGate, so can't really help much more I'm afraid.