Support for ECDHE ciphers was introduced in SGOS 184.108.40.206. If your appliance is running a version earlier than SGOS 220.127.116.11, you can use TCP tunneling while intercepting to access websites that use ECDHE ciphers. Tunneling while intercepting also allows reporting of these types of calls.Note:
This article provides instructions for transparent deployments. For explicit deployments, refer to the Knowledge Base article Some HTTPS websites will not load using the ProxySG appliance.
To create a TCP tunnel while intercepting:
- In the Management Console, select Configuration > Services > Proxy Services.
- Click New Service.
- Create a TCP tunnel. Under Listeners, enter the web server IP address as the Destination IP.
The following example uses the IP address for https://www.learbenefits.com
. To determine the web server IP address of the website you want to visit, in the CLI, enter the command dnslookup <website_hostname>
from any client machine or #test dns <website_hostname>
- Select Intercept for the action.
- Click OK > Apply.