Cannot access website due to ECDHE ciphers in a transparent deployment


Article ID: 168442


Updated On:


ProxySG Software - SGOS


Support for ECDHE ciphers was introduced in SGOS If your appliance is running a version earlier than SGOS, you can use TCP tunneling while intercepting to access websites that use ECDHE ciphers. Tunneling while intercepting also allows reporting of these types of calls.

Note: This article provides instructions for transparent deployments. For explicit deployments, refer to the Knowledge Base article Some HTTPS websites will not load using the ProxySG appliance.

To create a TCP tunnel while intercepting:
  1. In the Management Console, select Configuration > Services > Proxy Services.
  2. Click New Service.
  3. Create a TCP tunnel. Under Listeners, enter the web server IP address as the Destination IP.
Note: The following example uses the IP address for To determine the web server IP address of the website you want to visit, in the CLI, enter the command dnslookup <website_hostname> from any client machine or #test dns <website_hostname>
  1. Select Intercept for the action.
  2. Click OK > Apply.  
Edit Service