Jump to content


SSL Inspection and HTTPS filtering conflict with


This topic has been archived. This means that you cannot reply to this topic.
No replies to this topic

#1 Johnny Lee Conroy

Johnny Lee Conroy
  • Members
  • 33 posts

Posted 06 August 2019 - 11:17 AM

Just an FYI that was discovered by us recently in collaboration with Barracuda tech support.


The gist is, if you use SSL Inspection on your gateway, don't also have HTTPS filtering enabled.  The two seem to conflict, especially after upgrading to the most recent firmware,


We turned SSL Inspection on a year or more ago in order to allow an exemption for certain users to access https://outlook.office365.com/EncryptionURLsin order to pick up encrypted emails sent from users of that platform.  (We have an internal Exchange server, so users don't generally need access to Office365.  In fact, we have the entire Web-based Email content category blocked.)


We also had HTTPS filtering on to allow us to block HTTPS sites.  Those two things had never conflicted before we upgraded to the latest firmware.  The "conflict" showed by the exemption mentioned above stopping working and some HTTPS sites were not showing up in the web log.


Turns out we get everything we need from having the SSL Inspection turned on.  Even though it is only configured to apply to a specific Active Directory security group, and to the category of Web-based Email, it recognized all HTTPS traffic in the web log and the exemption we have in place works again.


Much thanks to Brent @ Barrcuda for his persistence figuring out what was going on.  Hopefully this post helps someone avoid a lot of time diagnosing this issue.


Johnny Lee


P.S. I incorrectly referenced firmware version in the title, rather than the correct version which is