Cannot access website due to ECDHE ciphers in a transparent deployment

book

Article ID: 168442

calendar_today

Updated On:

Products

ProxySG Software - SGOS

Issue/Introduction

Support for ECDHE ciphers was introduced in SGOS 6.5.6.1. If your appliance is running a version earlier than SGOS 6.5.6.1, you can use TCP tunneling while intercepting to access websites that use ECDHE ciphers. Tunneling while intercepting also allows reporting of these types of calls.

Note: This article provides instructions for transparent deployments. For explicit deployments, refer to the Knowledge Base article Some HTTPS websites will not load using the ProxySG appliance.

To create a TCP tunnel while intercepting:
  1. In the Management Console, select Configuration > Services > Proxy Services.
  2. Click New Service.
  3. Create a TCP tunnel. Under Listeners, enter the web server IP address as the Destination IP.
Note: The following example uses the IP address for https://www.learbenefits.com. To determine the web server IP address of the website you want to visit, in the CLI, enter the command dnslookup <website_hostname> from any client machine or #test dns <website_hostname>
  1. Select Intercept for the action.
  2. Click OK > Apply.  
Edit Service
 

Attachments