Mexico and proxy certificate

Hello

I am using a Firebox M370 and for a few days we have been experiencing problems with HTTPS proxies. So far everything has worked fine. We have certificates that are not the correct ones from the Firebox; it is not the proxy certificate that is returned but the default web certificate. As a result, we have security errors, especially on Google Chrome.

However, if we access a site directly, it works well.

I ended up finding a temporary workaround while waiting for a response from support. I had to authorize Mexico in the Geolocation rules for each proxy!

Have other people had this problem?

Regards

Comments

  • I do not know why the certificate returned by the Firebox M370 is not the proxy certificate, but I found the cause of the geolocation problem. For example, the IP address 216.239.38.117, which is a Google server, is sometimes located in the USA, sometimes in Mexico!! Test with https://dnschecker.org/ip-location.php.
    Geolocation is active for HTTPS Proxy and HTTP too.

  • James_Carson Moderator, WatchGuard Representative

    Hi @Philippe_Rose

    Google and other content providers will often dynamically adjust what servers are replying to you based on load and other factors. I would suggest blocking countries as conservatively as possible.

    Another good example of this is there is a very large data-center in Ireland, and many companies will base their cloud operations there to conform with GDPR rules, despite not being located there.

    The firewall will have no control over what server the web server, like Google's services, decides to send you to. If that country is blocked in your geolocation list, it will not be allowed.

    -James Carson
    WatchGuard Customer Support

  • Good to hear that others suddenly had this as well. Just had a few support calls for this issue and initially panicked that there was some rogue redirection issue. We've whitelisted *.google.com to resolve it but was an odd start to the day.

  • I had to unblock Ireland a while back due to lots of Geolocation failures, and now I know why. I also have been getting a geo block for a few weeks when trying to reach virustotal.com, but not if I try to reach www.virustotal.com. I am using CleanBrowsing.com for my DNS forwarders on my server. I guess I will have to unblock Mexico or keep adding exceptions.

    Gregg Hill

  • I am also having this problem on one of my Fireboxes - the other works correctly. I will try to work to a more granular level than "Mexico".

    I suggest that unblocking Mexico might be risky given that it is the home of many drug cartels. In my experience, drug cartels and cyber crime seem to have a close relationship.

    Adrian from Australia

  • So far, the only site that brings up the Mexico block is virustotal.com. I wouldn't open the whole country, either.

    Gregg Hill
