Protocol Detection and SSL Interception combinations and outcomes when exceptions must be returned.
Article ID: 173494
Updated On: 02-04-2019
Products
ProxySG Software - SGOS
Issue/Introduction
The purpose of this article is to describe the behavior obtained when a connection is denied and different combinations of Protocol Detection and SSL Interception are used. This applies to Explicit environments only.
Resolution
We will split it into four possible situations and outcomes. In all of them, we will suppose that a request is being blocked via policy:
1. Detect Protocol is enabled and the proxy is performing SSL interception on exception (default setting)
   Packet capture: Response to the CONNECT request is 200
   Policy trace: Response to the CONNECT request is 403
   Outcome: Exception page returned to the client as long as the client has the proper certificate installed.
2. Detect Protocol is disabled (default setting) and the proxy is performing SSL interception on exception (default setting)
   Packet capture and policy trace: Response to the CONNECT request is 403
   Outcome: Browser error, example: "Page cannot be displayed"
3. Detect Protocol is enabled and SSL Interception is disabled via policy
   Packet capture: Response to the CONNECT request is 200, but after the client sends the Client Hello, proxy replies with a RST-ACK.
   Policy trace: Response to the CONNECT request is 200
   Outcome: Browser error, e.g.: "Page cannot be displayed"
4. Detect Protocol is enabled and SSL Interception enabled via policy
   Packet capture: Response to the CONNECT request is 200. 403 response to the encrypted request (seen as Application Data)
   Policy trace: Response to the CONNECT request is 403.
   Outcome: Exception page returned to the client as long as the client has the proper certificate installed.
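The wire-level side of the four situations can be checked from a client without a packet capture. The following is an added example, not code from this article or from the vendor: a small Python probe that sends the CONNECT, attempts the TLS handshake, and reports which of the outcomes above it observed. The function names, the result labels and the `cafile` parameter (a PEM export of the CA that signs the proxy's interception certificates) are assumptions made for the example.

```python
import socket
import ssl

def connect_status(raw: bytes) -> int:
    """Status code from an HTTP response head, e.g. the proxy's reply to CONNECT."""
    parts = raw.split(b"\r\n", 1)[0].decode("latin-1").split()
    if len(parts) < 2 or not parts[0].startswith("HTTP/") or not parts[1].isdigit():
        raise ValueError(f"not an HTTP status line: {raw[:40]!r}")
    return int(parts[1])

def read_head(sock) -> bytes:
    """Read until the blank line that ends the response headers (or EOF)."""
    buf = b""
    while b"\r\n\r\n" not in buf:
        chunk = sock.recv(4096)
        if not chunk:
            break
        buf += chunk
    return buf

def probe(proxy, host, port=443, cafile=None, timeout=5.0) -> str:
    """Classify what the explicit proxy at `proxy` (address, port) does with host:port.

    cafile: PEM file with the CA that signs the proxy's interception certificates
    (assumed to have been exported by the admin); None uses the system trust store.
    """
    with socket.create_connection(proxy, timeout=timeout) as s:
        s.sendall(f"CONNECT {host}:{port} HTTP/1.1\r\nHost: {host}:{port}\r\n\r\n".encode())
        status = connect_status(read_head(s))
        if status != 200:
            # Situation 2: the denial is visible on the wire, browser shows its own error.
            return f"connect-denied-{status}"
        ctx = ssl.create_default_context(cafile=cafile)
        try:
            with ctx.wrap_socket(s, server_hostname=host) as tls:
                tls.sendall(f"GET / HTTP/1.1\r\nHost: {host}\r\nConnection: close\r\n\r\n".encode())
                inner = connect_status(read_head(tls))
        except ssl.SSLCertVerificationError:
            # Tunnel is up, but the certificate does not chain to the trusted CA.
            return "tls-untrusted-certificate"
        except (ConnectionResetError, ssl.SSLEOFError):
            # Situation 3: 200 to CONNECT, then torn down after the Client Hello.
            return "dropped-after-client-hello"
        # Situations 1 and 4: the 403 travelled as TLS Application Data.
        return "exception-page-403" if inner == 403 else f"tunnel-status-{inner}"
```

The probe sees only what a packet capture would see, so situations 1 and 4 look the same to it; the policy trace is still what tells them apart.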