+ Post New Thread
Results 1 to 7 of 7
Internet Related/Filtering/Firewall Thread, Smoothwall proxy / HTTPS issue in Technical; Hi guys, We have a Smoothwall 3 proxy on our BYOD network. It is transparently filtering web access. We have ...
  1. #1

    Join Date
    Jan 2007
    Location
    The Console
    Posts
    236
    Thank Post
    22
    Thanked 29 Times in 23 Posts
    Rep Power
    22

    Smoothwall proxy / HTTPS issue

    Hi guys,

    We have a Smoothwall 3 proxy on our BYOD network. It is transparently filtering web access. We have found that it will not pass HTTPS / 443 traffic on BYOD machines. If you go in to the browser on the machine and explicitly enter the proxy in Connections > LAN Settings, you can access HTTPS sites. Remove this entry, and have it work 'transparently', and HTTPS stops. There are no errors or block pages displayed on the BYOD device, it just sits there and eventually times out. Any ideas as to why this is?

  2. #2


    tom_newton's Avatar
    Join Date
    Sep 2006
    Location
    Leeds
    Posts
    4,485
    Thank Post
    867
    Thanked 854 Times in 675 Posts
    Rep Power
    197
    BYOD device isn't windows XP or aged android is it?

  3. #3

    Join Date
    Jan 2007
    Location
    The Console
    Posts
    236
    Thank Post
    22
    Thanked 29 Times in 23 Posts
    Rep Power
    22
    Under testing, it's a Server 08R2 box. Have tested with IE, Chrome, and FF.

    Same situation with Mac OS 10.6 / Safari 5.1.7
    Last edited by iSteve; 30th January 2014 at 10:37 AM.

  4. #4
    free780's Avatar
    Join Date
    Sep 2012
    Posts
    1,058
    Thank Post
    45
    Thanked 86 Times in 81 Posts
    Rep Power
    23
    I thought ssl didn't work transparent ly. Without pushing the proxy server setting through pac or wpad file.

  5. #5

    Join Date
    Jan 2007
    Location
    The Console
    Posts
    236
    Thank Post
    22
    Thanked 29 Times in 23 Posts
    Rep Power
    22
    I presume we should set the BYOD DHCP to set option 252 for WPAD pointing to a PAC file?
    Last edited by iSteve; 30th January 2014 at 09:00 PM. Reason: ....think I answered my own question

  6. #6

    Join Date
    Jan 2007
    Location
    The Console
    Posts
    236
    Thank Post
    22
    Thanked 29 Times in 23 Posts
    Rep Power
    22
    I've been having a play this morning. We've switched to IP cop in its standard form without Advanced Proxy or any other bells and whistles.
    I have created wpad.dat and proxy.pac files, they are hosted on the IP cop machine which is listening on port 80. Telling IE to use this pac file, works. I have then set the hosts file of the IP Cop machine to have wpad > 172.16.0.1, so I can point things to http://wpad/proxy.pac for the file

    Now...things start to get messy...

    Transparent proxying is turned OFF so I am forcing things to use the PAC etc

    I have tried to pass option 252 in the dhcpmasq file, however it seems that Windows machines don't requests this according to the DHCP logs. If you set the Windows machine to Auto Detect Settings, it seems happy. HTTP and HTTPS work.

    I have a MacBook on 10.6 which ignores everything I tell it to use (auto, pac), but is happy with explicit entries

    iPhone with iOS6 - unhappy with PAC, doesn't request option 252.

    Turning on transparent proxy, everything connects on HTTP but not HTTPS - as expected

    Does anyone have a solution working where BYOD users can get HTTPS sites? Help!

  7. #7

    Join Date
    Feb 2012
    Location
    West Midlands
    Posts
    46
    Thank Post
    0
    Thanked 7 Times in 7 Posts
    Rep Power
    7
    Transparent proxying/filtering of HTTPS will send an invalid certificate (from the router) the client must first trust as it has to do deep packet inspection (if supported). Basically the destination address cant be read from the connection packet as its encrypted so it has to decrypt and reencrypt data. I don't have a smoothwall but a fortigate so cant really help much more I'm afraid.

SHARE:
+ Post New Thread

Similar Threads

  1. Windows 7 activation through a Smoothwall proxy
    By Ric_ in forum Internet Related/Filtering/Firewall
    Replies: 24
    Last Post: 14th May 2013, 10:27 AM
  2. SmoothWall Temp Ban Issue
    By mmoseley in forum Wireless Networks
    Replies: 4
    Last Post: 10th October 2008, 11:56 AM
  3. Squid - Transparent - HTTPS Issue
    By ahuxham in forum *nix
    Replies: 1
    Last Post: 25th May 2008, 11:04 AM

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •