Internet Related/Filtering/Firewall Thread, Meraki MX80 and HTTPS Issues in Technical; Evening All
I've just moved to a school that has a new Meraki MX80 Firewall doing the web filtering. I'm ...
12th March 2014, 06:57 PM #1
- Rep Power
Meraki MX80 and HTTPS Issues
I've just moved to a school that has a new Meraki MX80 Firewall doing the web filtering. I'm not getting much help from the company who installed the solution and its causing us all sorts of issues with HTTPS connections I wonder if anyone has any experience with this device (I've used Smoothwall previously). For some sites (all of the google https services including google drive etc) it immediately returns you a page cannot be displayed error and whilst Youtube is supposed to be filtered you seem to be able to just avoid it completely by going to the https version.
Before I start getting into the settings on it I'd appreciate if anyone here has any experience with this box as to what I should be looking for and what kind of things to check?
Mucho thanks in advance if anyone can lend a hand, I want to spend some serious time with the Meraki setup at the moment but you can imagine just a few weeks into the job I have a tonne to do!
12th March 2014, 09:36 PM #2
- Rep Power
I don't have experience with that particular product (or Meraki's Firewall line in general) but the issue you're describing sounds like HTTPS inspection/interception isn't turned on. In my experience most firewalls/proxies don't handle this well in transparent mode so you may need to check the proxy settings that are being used on the devices to ensure they're actually configured to force proxying of connections. Two things to keep in mind if you're doing HTTPS interception:
1) You will need a valid cert installed on the proxy/firewall that is signed by a Certificate Authority that all of your devices are configured to trust (so an internal CA that's pushed to the trust store or an external CA like Versign)
2) Depending on the laws in the UK you are likely required to clearly notify users that their HTTPS connections are being intercepted and to exclude bank and health care sites from inspection. IANAL (or in the UK) so this is merely what I have been told in the past in regards to UK law.
Thanks to AdonMalik from:
disco_samurai (13th March 2014)
13th March 2014, 12:45 PM #3
- Rep Power
Thanks for the advice!
I spent the morning looking through the device expecting something complicated only to find that the project engineers had blocked all the google sites manually instead of unblocking them during the project setup as the school had requested......
By glennda in forum Internet Related/Filtering/Firewall
Last Post: 21st December 2012, 10:47 AM
By 17thcpikeman in forum Windows
Last Post: 30th November 2007, 02:42 PM
By the_travisty in forum Web Development
Last Post: 10th October 2007, 06:09 PM
By daveyboy in forum MIS Systems
Last Post: 13th September 2006, 02:04 PM
By Kyle in forum MIS Systems
Last Post: 9th September 2006, 09:13 PM
Users Browsing this Thread
There are currently 1 users browsing this thread. (0 members and 1 guests)