I purchased the GFI WebMonitor software to use it as a category- and DNS-based filter for unwanted traffic inside our enterprise infrastructure.
So basically I just wanted to filter HTTP and HTTPS traffic without breaking any TLS-certificate connection.
Due to privacy concerns I really don't want to read or scan HTTPS traffic but instead just block any DNS connections which are unwanted.
So far I have managed to block many HTTP requests and much category-based traffic.
As soon as I try to open any HTTPS connection like "https://facebook.com" I get the following error message:
Mozilla Firefox: Secure Connection Fails - SSL_ERROR_RX_RECORD_TOO_LONG
IE/Edge: no secure connection to this site possible - the site you are trying to visit may use insecure TLS or is too old.
Note: "de-de.facebook.com" gets blocked successfully because it is requested as HTTP and gets filtered by the WebMonitor.
I troubleshot a lot and also blocked HTTP/HTTPS connections, only allowing the proxy by using the following firewall rules:
- Rule : Permit ---> TCP ---> <My Static Private IP> ---> <Proxy Private IP> ---> Port 8080
- Rule : Permit ---> TCP ---> <Proxy Private IP> ---> Untrusted-Net ---> Port 80
- Rule : Permit ---> TCP ---> <Proxy Private IP> ---> Untrusted-Net ---> Port 443
- Rule : Deny ---> TCP/UDP ---> <My Static Private IP> ---> Untrusted-Net ---> Port 80
- Rule : Deny ---> TCP/UDP ---> <My Static Private IP> ---> Untrusted-Net ---> Port 443
After that I also tried to use the HTTPS root cert generated from the GUI (HTTPs-Scanning)
by adding the .cer file to one of my trusted root certificate directories exactly as described in your many tutorials.
Sadly without success. Even after changing from "Simple Proxy Mode" to "Gateway Mode" no change was noticeable while testing the configurations.
My current configuration is the following:
Version: GFI WebMonitor 10 (build: 20170516)
Network Mode: Gateway Mode
Transparent/Caching Proxy:
Everything updated to the newest version
I really don't know what I am missing at this point...
Can anyone advise, or is there anyone who has already fixed this specific SSL_ERROR problem?
Thanks a lot! :)
<message edited by KevinL123 on Thursday, June 29, 2017 3:13 PM>