Technical Library | Support

Go to the table of contents Go to the previous page Go to the next page View or print as PDF
Websense® Content Gateway v7.x: Troubleshooting : Dropped HTTPS connections
Dropped HTTPS connections
Topic 60043 | Content Gateway Troubleshooting | Updated: 28-October-2013
Applies To:
Websense Content Gateway v7.x
Websense Web Security Gateway / Anywhere v7.x
Some application protocols that tunnel over port 443 may attempt to establish a connection with Content Gateway using an HTTPS standard that Content Gateway does not recognize. When SSL is enabled, these application protocols cannot connect with Content Gateway. QIP 2005 is an example of this type of application protocol.
When SSL is disabled, this is not an issue.
The issue is easily resolved in either of two ways:
*
Configure Content Gateway to tunnel unknown protocols.
*
Add incidents to the Content Gateway SSL Incidents list to tunnel these application protocols.
Tunneling unknown protocols
Content Gateway can be configured to tunnel all unknown protocols. However, because this option allows all traffic to tunnel through port 443, it seriously compromises network security.
To tunnel unknown protocols in versions 7.7.3 and later:
1.
Log on to the Content Gateway manager and go to Configure > Protocols > HTTPS.
2.
Enable the Tunnel Unknown Protocols option, click Apply and restart Content Gateway.
To tunnel unknown protocols in versions 7.7.0 and earlier:
1.
Log on to the Content Gateway host system as root, or acquire root privileges.
2.
Run export LD_LIBRARY_PATH=/opt/WCG/sxsuite/lib.
3.
Run /opt/WCG/sxsuite/bin/oemtool profileconfig 1 tunnel_unknown_protocols yes.
4.
Run /opt/WCG/sxsuite/bin/oemtool get profileconfig 1 tunnel_unknown_protocols to confirm the parameter change.
5.
Restart Content Gateway.
Adding SSL incidents
You can add a URL to the SSL Incident list to allow Content Gateway to tunnel connections to specified HTTPS websites. This option has the advantage of easy configuration in the Content Gateway manager. However, it may be an impractical alternative if a large number of URLs must be entered.
To add a website to the SSL Incident List:
1.
In Content Gateway manager, go to Configure > SSL > Incidents > Add Website.
2.
In the URL field specify the URL that you want to tunnel.
3.
Select By URL and for Action select Tunnel.
4.
Click Apply.

Go to the table of contents Go to the previous page Go to the next page View or print as PDF
Websense® Content Gateway v7.x: Troubleshooting : Dropped HTTPS connections
Copyright 2016 Forcepoint LLC. All rights reserved.