Cannot access website due to ECDHE ciphers in a transparent deployment

Article Id: 168442
Status: Published
Updated On: 03-10-2017 21:54
Legacy Id: TECH245080
Products:
ProxySG Software - SGOS
Issue/Introduction:

Support for ECDHE ciphers was introduced in SGOS 6.5.6.1. If your appliance is running a version earlier than SGOS 6.5.6.1, you can use TCP tunneling while intercepting to access websites that use ECDHE ciphers. Tunneling while intercepting also allows reporting of these types of calls.

Note: This article provides instructions for transparent deployments. For explicit deployments, refer to the Knowledge Base article Some HTTPS websites will not load using the ProxySG appliance.

To create a TCP tunnel while intercepting:

  1. In the Management Console, select Configuration > Services > Proxy Services.
  2. Click New Service.
  3. Create a TCP tunnel. Under Listeners, enter the web server IP address as the Destination IP.
Note: The following example uses the IP address for https://www.learbenefits.com. To determine the web server IP address of the website you want to visit, in the CLI, enter the command dnslookup <website_hostname> from any client machine or #test dns <website_hostname>
  1. Select Intercept for the action.
  2. Click OK > Apply.  
Edit Service