https proxy for iphones

Hi All, Im trying to restrict internet access for all of our company iphones while on the wifi network. I have setup an http and https proxy attached to a webblocker profile and this works fine for android phones. But the https proxy breaks internet access for any iphones. Any ideas where it could be going wrong?

Comments

  • I have deep inspection enabled on my non-cell iPad without issues.
    I have not tried it on my iPhone.

    Anything obvious in Traffic Monitor?

  • I can see the allowed traffic on the http proxy and some traffic being denied to google services on non web traffic. But nothing against the https proxy. Just tried browsing in firefox on the iphone and I see an error. An SSL error has occured and a secure connection to the server cannot be made. This is just trying to get to the google homepage.

  • I have no issues accessing Google using Firefox.
    I log URLs in the HTTP proxy action set in the HTTPS proxy action, so that I can see the URL being accessed for inspected web site access.

    Here are the 1st 3 log entries when I accessed Google.com using Firefox

    2020-10-20 09:13:07 Allow 10.0.1.3 172.217.15.72 https/tcp 51536 443 Trust-VLAN External ProxyInspect: HTTPS domain name match (HTTPS-proxy_from_iPad-00) HTTPS-Client-DPI.iPad.1 proc_id="https-proxy" rc="592" msg_id="2CFF-0003" proxy_act="HTTPS-Client-DPI.iPad.1" rule_name="Default" sni="www.googletagmanager.com" cn="*.google-analytics.com" ipaddress="172.217.15.72" geo_dst="USA" Traffic
    2020-10-20 09:13:07 Allow 10.0.1.3 172.217.2.106 https/tcp 51538 443 Trust-VLAN External ProxyInspect: HTTPS domain name match (HTTPS-proxy_from_iPad-00) HTTPS-Client-DPI.iPad.1 proc_id="https-proxy" rc="592" msg_id="2CFF-0003" proxy_act="HTTPS-Client-DPI.iPad.1" rule_name="Default" sni="ajax.googleapis.com" cn="upload.video.google.com" ipaddress="172.217.2.106" geo_dst="USA" Traffic
    2020-10-20 09:13:07 Allow 10.0.1.3 172.217.13.68 https/tcp 51539 443 Trust-VLAN External ProxyInspect: HTTPS domain name match (HTTPS-proxy_from_iPad-00) HTTPS-Client-DPI.iPad.1 proc_id="https-proxy" rc="592" msg_id="2CFF-0003" proxy_act="HTTPS-Client-DPI.iPad.1" rule_name="Default" sni="www.google.com" cn="" ipaddress="172.217.13.68" geo_dst="USA" Traffic

  • thanks Bruce. Pointed me in the right direction. https proxy action was pointed at the wrong webblocker profile

Sign In to comment.