Protocol Detection and SSL Interception combinations and outcomes when exceptions must be returned.

Article ID: 173494

Products

ProxySG Software - SGOS

Issue/Introduction

This article describes the behavior observed when a connection is denied and different combinations of Protocol Detection and SSL Interception are in use. It applies to explicit proxy environments only.

Resolution

We will split it into four possible situations and outcomes. In all of them, we will suppose that a request is being blocked via policy:

  1. Detect Protocol is enabled and the proxy is performing SSL interception on exception (default setting)

    Packet capture: Response to the CONNECT request is 200
    Policy trace: Response to the CONNECT request is 403
    Outcome: Exception page returned to the client as long as the client has the proper certificate installed.
     
  2. Detect Protocol is disabled (default setting) and the proxy is performing SSL interception on exception (default setting)

    Packet capture and policy trace: Response to the CONNECT request is 403
    Outcome: Browser error, example: "Page cannot be displayed"
     
  3. Detect Protocol is enabled and SSL Interception is disabled via policy

    Packet capture: Response to the CONNECT request is 200, but after the client sends the Client Hello, the proxy replies with a RST-ACK.
    Policy trace: Response to the CONNECT request is 200
    Outcome: Browser error, example: "Page cannot be displayed"
     
  4. Detect Protocol is enabled and SSL Interception is enabled via policy

    Packet capture: Response to the CONNECT request is 200. The 403 response is sent in reply to the encrypted request (seen as Application Data).
    Policy trace: Response to the CONNECT request is 403.
    Outcome: Exception page returned to the client as long as the client has the proper certificate installed.