In this article we will troubleshoot a website that is not accessible because HTTPS decryption is enabled on the Sophos XG firewall.
First, let us understand the issue in detail. Consider a LAN machine in the internal network that is trying to access “outlook.com”, and the web page is not loading. Identify the relevant firewall rule and check whether HTTPS decryption is enabled in that rule.
If HTTPS decryption is enabled, the XG firewall intercepts the traffic when the website is accessed. Some website vendors treat this process as a man-in-the-middle attack, so the web page will not load. This is normal behavior. To make the website accessible through the firewall, we need to create a web exception for this website and exclude it from HTTPS decryption.
Click on the WEB menu and then click on the web exceptions tab.
Let’s say, for example, that we are unable to access the “firewallgeeks.com” website when HTTPS decryption is enabled. Now click on “Add exception”.
Fill in the following details as per your requirement.
Name: Enter any name for web exception.
URL Pattern Matches: Under the URL pattern matches section, enter the “firewallgeeks.com” URL.
Skip Selected Checks: Under the skip selected checks section, enable the HTTPS decryption exception, so that the firewall will not decrypt traffic when accessing the firewallgeeks.com website.
Now that you have created the web exception, the firewallgeeks.com website will be accessible.
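As an added example (not part of the original article or of Sophos's own material), the following Python sketch checks how broadly a URL pattern would match before it is entered in the exception, since every matching host skips HTTPS decryption. It assumes the pattern is evaluated as an unanchored regular expression against the requested hostname; the anchored pattern, the sample hostnames and the function names are constructed for illustration.

```python
import re

# Assumption: the exception's URL pattern is treated as an unanchored regular
# expression and, for undecrypted HTTPS, is compared with the hostname only.
LOOSE = r"firewallgeeks.com"                            # as typed in the article
ANCHORED = r"^([A-Za-z0-9-]+\.)*firewallgeeks\.com$"    # constructed, stricter form

# Constructed sample hostnames used to audit the scope of a pattern.
SAMPLE_HOSTS = [
    "firewallgeeks.com",
    "www.firewallgeeks.com",
    "notfirewallgeeks.com",
    "firewallgeeks.com.example.net",
    "firewallgeeksXcom.example.net",
]

# Hosts the administrator actually wants to exclude from decryption.
INTENDED = {"firewallgeeks.com", "www.firewallgeeks.com"}


def exempted_hosts(pattern, hosts):
    """Return the hosts that the pattern would exclude from HTTPS decryption."""
    rx = re.compile(pattern, re.IGNORECASE)
    return [h for h in hosts if rx.search(h)]


def unintended(pattern, hosts, intended):
    """Return exempted hosts that are outside the intended set."""
    return [h for h in exempted_hosts(pattern, hosts) if h not in intended]


def missed(pattern, hosts, intended):
    """Return intended hosts that the pattern fails to exempt."""
    matched = set(exempted_hosts(pattern, hosts))
    return sorted(h for h in intended if h not in matched)


if __name__ == "__main__":
    for name, pattern in (("loose", LOOSE), ("anchored", ANCHORED)):
        print(name, "pattern:", pattern)
        print("  exempted  :", exempted_hosts(pattern, SAMPLE_HOSTS))
        print("  unintended:", unintended(pattern, SAMPLE_HOSTS, INTENDED))
        print("  missed    :", missed(pattern, SAMPLE_HOSTS, INTENDED))
```

A pattern that reports no unintended and no missed hosts keeps the decryption exception limited to the site that actually needs it.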
Hope this article helps you.