Browser error on IPsec VPN if first request is HTTPS

book

Article ID: 169341

calendar_today

Updated On:

Products

Web Security Service - WSS

Issue/Introduction

If you are using the following deployment method and configuration, clients receive a browser error if their first request is HTTPS and their session is not authenticated to WSS before the first connection attempt.

  • Access Method: IPsec VPN
  • Authentication: Auth Connector with Captive Portal
  • SSL Interception: Enabled\Disabled

Here is some sample verbiage of error pages from different web browsers:

Internet Explorer: This page can't be displayed. Turn on TLS 1.0, TLS 1.1 and TLS 1.2 in Advanced settings and try connecting to https://www.example.com again.

Chrome: This site can't be reached.  www.example.com unexpectedly closed the connection.

Firefox: Secure Connection Failed. The connection to www.example.com was interrupted while the page was loading.

Cause

This is the expected behavior for current WSS solution.

Environment

Browser error on IPsec VPN if the first request is HTTPS (SSL enabled/disabled)

Resolution

Contact your Symantec Sales Engineer to request a Feature Request.

Workaround

Request users browse an HTTP site to get authenticated first before browsing HTTPS site.