ProxySG & Advanced Secure Gateway


ProxySG | Please recommend about TLS Protocol

  • 1.  ProxySG | Please recommend about TLS Protocol

    Posted Jan 21, 2018 11:53 AM

    Dear All,

    If only TLSv1.0 and 1.1 are enabled on the proxy and TLSv1.2 is not enabled, my customer has an issue: they cannot access some websites that use only TLSv1.2.

    Please recommend how to configure this, or whether there is any workaround, so they can access the websites, as TLSv1.2 cannot be enabled on the proxy.



  • 2.  RE: ProxySG | Please recommend about TLS Protocol

    Posted Jan 22, 2018 10:22 PM

    Hi Chakuttha,

     

    It is clear from your query on why TLSv1.2 is not enabled, but enabling that would be the best going forward. If the customer has valid reasons for not doing so, you will have to set your proxy not to hand over the traffic to the SSL Proxy service. This will make sure that the connection is not broken by the "Proxy" due to TLSv1.2 not being enabled. In explicit proxy, you can do this by bypassing detect protocol (detect_protocol(no)) for the affected domain. In case of transparent deployment, you can either static bypass or TCP-Tunnel the traffic towards this specific server. Like I have mentioned at the start, enabling TLSv1.2 is highly recommended.



  • 3.  RE: ProxySG | Please recommend about TLS Protocol

    Posted Jan 23, 2018 12:09 AM

    Thank you so much.



  • 4.  RE: ProxySG | Please recommend about TLS Protocol

    Posted Jan 23, 2018 02:57 AM

    Dear Aravind,

    This customer has an explicit deployment. Can I create CPL with no detect protocol for the website with the issue?



  • 5.  RE: ProxySG | Please recommend about TLS Protocol
    Best Answer

    Posted Jan 23, 2018 03:23 AM

    Hi Chakuttha,

     

    Yes, bypassing Detect Protocol will be enough to deal with this. Like I have mentioned, we are only bypassing the proxy's SSL-Proxy service from the equation. Still, the client and server compatibility will be in the picture. Sample policy is below (added an ALLOW too):

     

    <proxy>
    
    url.domain=abc.com detect_protocol(no) allow
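
An added example, not part of the original thread or of the product's tooling: before exempting a domain with detect_protocol(no), one way to confirm from a packet capture that the origin server is refusing the proxy's TLS 1.0/1.1 handshake is to decode the first TLS record the server sends back. The function name, result strings and sample bytes are constructed for illustration.

```python
import struct

# RFC 5246 record/handshake type codes and alert descriptions
ALERT, HANDSHAKE, SERVER_HELLO = 21, 22, 2
PROTOCOL_VERSION, HANDSHAKE_FAILURE = 70, 40
VERSIONS = {(3, 1): "TLSv1.0", (3, 2): "TLSv1.1", (3, 3): "TLSv1.2"}


def classify_server_reply(record: bytes) -> str:
    """Classify the first TLS record a server returned to a ClientHello.

    Hypothetical helper: 'version_rejected' means the server sent the
    protocol_version alert, i.e. it will not speak the offered TLS version.
    """
    if len(record) < 5:
        return "incomplete"
    # Record header: content type, version major/minor, body length
    ctype, _major, _minor, length = struct.unpack("!BBBH", record[:5])
    body = record[5:5 + length]
    if len(body) < length:
        return "incomplete"
    if ctype == ALERT and length == 2:
        desc = body[1]  # body[0] is the alert level, body[1] the description
        if desc == PROTOCOL_VERSION:
            return "version_rejected"
        if desc == HANDSHAKE_FAILURE:
            # Ambiguous: can also mean no shared cipher suite
            return "handshake_failure"
        return f"alert_{desc}"
    if ctype == HANDSHAKE and length >= 6 and body[0] == SERVER_HELLO:
        # Handshake header is 4 bytes; server_version follows it
        version = (body[4], body[5])
        return "negotiated:" + VERSIONS.get(version, "%d.%d" % version)
    return "other"


# Constructed sample records (not captured from any real server)
SAMPLES = {
    "tls12-only site": b"\x15\x03\x02\x00\x02\x02\x46",
    "cipher or version mismatch": b"\x15\x03\x02\x00\x02\x02\x28",
    # ServerHello truncated after server_version for brevity
    "tls11-capable site": b"\x16\x03\x02\x00\x06\x02\x00\x00\x02\x03\x02",
}

if __name__ == "__main__":
    for name, raw in SAMPLES.items():
        print(f"{name}: {classify_server_reply(raw)}")
```

Only domains that come back as version_rejected need the exemption; the rest can stay under the SSL Proxy service.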

     



  • 6.  RE: ProxySG | Please recommend about TLS Protocol

    Posted Jan 23, 2018 04:03 AM

    Dear Aravind,

     Thank you so much.