Jump to content


Photo

SSL Inspection and HTTPS filtering conflict with 14.4.0.014

SSL

  • Please log in to reply
No replies to this topic

#1 Johnny Lee Conroy

Johnny Lee Conroy
  • Members
  • 32 posts

Posted 06 August 2019 - 11:17 AM

Just an FYI that was discovered by us recently in collaboration with Barracuda tech support.

 

The gist is, if you use SSL Inspection on your gateway, don't also have HTTPS filtering enabled.  The two seem to conflict, especially after upgrading to the most recent firmware, 14.1.0.014.

 

We turned SSL Inspection on a year or more ago in order to allow an exemption for certain users to access https://outlook.office365.com/EncryptionURLsin order to pick up encrypted emails sent from users of that platform.  (We have an internal Exchange server, so users don't generally need access to Office365.  In fact, we have the entire Web-based Email content category blocked.)

 

We also had HTTPS filtering on to allow us to block HTTPS sites.  Those two things had never conflicted before we upgraded to the latest firmware.  The "conflict" showed by the exemption mentioned above stopping working and some HTTPS sites were not showing up in the web log.

 

Turns out we get everything we need from having the SSL Inspection turned on.  Even though it is only configured to apply to a specific Active Directory security group, and to the category of Web-based Email, it recognized all HTTPS traffic in the web log and the exemption we have in place works again.

 

Much thanks to Brent @ Barrcuda for his persistence figuring out what was going on.  Hopefully this post helps someone avoid a lot of time diagnosing this issue.

 

Johnny Lee

 

P.S. I incorrectly referenced firmware version 14.4.0.014 in the title, rather than the correct version which is 14.1.0.014.