Support for ECDHE ciphers was introduced in SGOS 6.5.6.1. If your appliance is running a version earlier than SGOS 6.5.6.1, you can use TCP tunneling while intercepting to access websites that use ECDHE ciphers. Tunneling while intercepting also allows reporting of these types of calls.
Note: This article provides instructions for transparent deployments. For explicit deployments, refer to the Knowledge Base article
Some HTTPS websites will not load using the ProxySG appliance.
To create a TCP tunnel while intercepting:
- In the Management Console, select Configuration > Services > Proxy Services.
- Click New Service.
- Create a TCP tunnel. Under Listeners, enter the web server IP address as the Destination IP.
Note: The following example uses the IP address for
https://www.learbenefits.com. To determine the web server IP address of the website you want to visit, in the CLI, enter the command d
nslookup <website_hostname> from any client machine or
#test dns <website_hostname>
- Select Intercept for the action.
- Click OK > Apply.