Dropped HTTPS connections
Content Gateway Troubleshooting | Forcepoint Web Security | v8.4.x, v8.5.x | 30-Nov-2018
Some application protocols that tunnel using port 443 may attempt to establish a connection with Content Gateway using a variant of HTTPS that Content Gateway doesn't accept. When HTTPS is enabled in Content Gateway, these attempted connections are dropped by Content Gateway. Connections using QIP 2005 are an example of this type of application protocol.
When HTTPS is disabled, SSL connections don't pass through Content Gateway and this type of connection is not an issue.
When HTTPS is enabled, the issue can be handled in either of two ways:
* Tunneling unknown protocols
* Adding SSL incidents
Tunneling unknown protocols
Content Gateway can be configured to tunnel all unknown protocols. However, because this option allows all traffic to tunnel through port 443, it seriously compromises network security.
To tunnel unknown protocols:
1. Log on to the Content Gateway manager and go to Configure > Protocols > HTTPS.
2. Enable the Tunnel Unknown Protocols option, click Apply and restart Content Gateway.
Adding SSL incidents
You can add a URL to the SSL Incident list to allow Content Gateway to tunnel connections to specified HTTPS websites. This option has the advantage of easy configuration in the Content Gateway manager. However, it may be an impractical alternative if a very large number of URLs must be entered.
To add a website to the SSL Incident List:
1. In Content Gateway manager, go to Configure > SSL > Incidents > Add Website.
2. In the URL field specify the URL that you want to tunnel.
3. Select By URL and for Action select Tunnel.
4. Click Apply.

Copyright 2018 Forcepoint. All rights reserved.