Cannot access website due to ECDHE ciphers in a transparent deployment
Article ID: 168442
Updated On:
Products
ProxySG Software - SGOS
Issue/Introduction
Support for ECDHE ciphers was introduced in SGOS 6.5.6.1. If your appliance is running a version earlier than SGOS 6.5.6.1, you can use TCP tunneling while intercepting to access websites that use ECDHE ciphers. Tunneling while intercepting also allows reporting of these types of calls.
Note: This article provides instructions for transparent deployments. For explicit deployments, refer to the Knowledge Base article Some HTTPS websites will not load using the ProxySG appliance.
To create a TCP tunnel while intercepting:
Note: This article provides instructions for transparent deployments. For explicit deployments, refer to the Knowledge Base article Some HTTPS websites will not load using the ProxySG appliance.
To create a TCP tunnel while intercepting:
- In the Management Console, select Configuration > Services > Proxy Services.
- Click New Service.
- Create a TCP tunnel. Under Listeners, enter the web server IP address as the Destination IP.
Note: The following example uses the IP address for https://www.learbenefits.com. To determine the web server IP address of the website you want to visit, in the CLI, enter the command dnslookup <website_hostname> from any client machine or #test dns <website_hostname>
- Select Intercept for the action.
- Click OK > Apply.
Attachments
Feedback
Powered by
