BugZero found this defect 41 days ago.
4/23/2024
Firebox M200
Firebox M300
Firebox M270
Firebox M370
Firebox M470
Firebox M570
Firebox M670
Firebox M290
Firebox M390
Firebox M400
Firebox M500
Firebox M440
All
Fireware
12.x
12.10.x
All
If you use WebBlocker with an HTTPS proxy, the Firebox might incorrectly mark the WebBlocker service as unavailable when it scans outbound HTTPS connections from host agents (such as AnyDesk or Mimecast) that do not specify a Server Name Indication (SNI) in the TLS handshake.

To verify the problem, look in Traffic Monitor for traffic log messages that contain both of these:

error="Webblocker server is not available"
dstname= [parameter that is not a fully qualified domain name, such as “AnyNet Relay” or “Mimecast SDNSG”]

Example traffic log message:

2024-04-08 12:18:25 Deny 10.0.1.1 212.102.40.162 https/tcp 63161 443 Trusted External ProxyDrop: HTTPS service unavailable (HTTPS-proxy-00) HTTPS-Client.Standard.Out proc_id="https-proxy" rc="594" msg_id="2CFF-0002" proxy_act="HTTPS-Client.Standard.Out" error="Webblocker server is not available" action="WBtest" cats="" dstname="AnyNet Relay" geo_dst="USA" Traffic

WebBlocker will also generate a “curl returned error:” diagnostic log message that does not contain additional information.

Example diagnostic log message:

2024-04-08 12:18:25 webblocker categorize_url: curl returned error: Debug
To exclude specific client traffic from being sent for categorization, in your WebBlocker actions, add a Pattern Match type WebBlocker exception for the client. For example, if you use AnyDesk, you might see dstname="AnyNet Relay" in the traffic log messages. To add the exception for this, use these settings:

Match Type: Pattern Match
Type: URL
Pattern: AnyNet Relay/*

For locally-managed Fireboxes, you can add a regular expression WebBlocker exception in Policy Manager to include most host agents known to cause this issue. To do this, in Policy Manager, add a WebBlocker exception with these settings:

Match Type: Regex
Type: URL
Regular Expression: ^[^.]*$

For more information, go to Configure WebBlocker Exceptions (locally-managed Fireboxes) or Add Exceptions in WatchGuard Cloud (cloud-managed Fireboxes).
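The verification check and the workaround's regular expression can be combined to triage exported traffic logs. The script below is an added example, not WatchGuard or BugZero code: it flags messages that carry both markers and counts them per dstname. The function names, the constructed sample lines, and the reuse of the AnyNet Relay/* pattern form for other dstname values are assumptions.

```python
import re
from collections import Counter

# Regular expression from the workaround on this page: a name with no dot in it.
NO_DOT = re.compile(r"^[^.]*$")
ERROR_TEXT = "Webblocker server is not available"
FIELD = re.compile(r'(\w+)="([^"]*)"')  # key="value" pairs in a traffic log message

# First line: the example message from this page. Other lines: constructed for this example.
SAMPLE_LOG = """\
2024-04-08 12:18:25 Deny 10.0.1.1 212.102.40.162 https/tcp 63161 443 Trusted External ProxyDrop: HTTPS service unavailable (HTTPS-proxy-00) HTTPS-Client.Standard.Out proc_id="https-proxy" rc="594" msg_id="2CFF-0002" proxy_act="HTTPS-Client.Standard.Out" error="Webblocker server is not available" action="WBtest" cats="" dstname="AnyNet Relay" geo_dst="USA" Traffic
2024-04-08 12:18:31 Deny 10.0.1.2 192.0.2.10 https/tcp 63170 443 Trusted External ProxyDrop: HTTPS service unavailable proc_id="https-proxy" error="Webblocker server is not available" dstname="Mimecast SDNSG" Traffic
2024-04-08 12:19:02 Deny 10.0.1.3 198.51.100.7 https/tcp 63188 443 Trusted External ProxyDrop: HTTPS service unavailable proc_id="https-proxy" error="Webblocker server is not available" dstname="www.example.com" Traffic
2024-04-08 12:19:40 Allow 10.0.1.3 203.0.113.20 https/tcp 63202 443 Trusted External proc_id="https-proxy" dstname="intranet" Traffic
"""

def parse_fields(line):
    """Return the key="value" fields of one traffic log message as a dict."""
    return dict(FIELD.findall(line))

def matches_issue(line):
    """True when the line has both markers the page lists: the WebBlocker
    error text and a dstname that is not a fully qualified domain name
    (approximated here, as in the workaround regex, by 'contains no dot')."""
    fields = parse_fields(line)
    dstname = fields.get("dstname", "")
    return (fields.get("error") == ERROR_TEXT
            and dstname != ""  # an empty name gives nothing to write an exception for
            and NO_DOT.match(dstname) is not None)

def affected_dstnames(log_text):
    """Count matching messages per dstname to show which clients are affected."""
    return Counter(parse_fields(line)["dstname"]
                   for line in log_text.splitlines() if matches_issue(line))

def exception_pattern(dstname):
    """Pattern Match exception in the form the page shows for AnyNet Relay
    (assumed to carry over to other dstname values)."""
    return f"{dstname}/*"

if __name__ == "__main__":
    for name, count in affected_dstnames(SAMPLE_LOG).most_common():
        print(f"{count:4d}  dstname={name!r}  pattern: {exception_pattern(name)}")
```

A message with the same error text but a dotted dstname, like the third sample line, does not fit this issue's signature and is left out of the count.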