Wayne11
Contributor

5.2.1 - DLP with deep-inspection breaks IE8

Hi

Unfortunately we still have a few Windows XP machines with IE8, and after the update from 5.0.7 to 5.2.1, DLP together with deep-inspection breaks IE8: it can't reach some SSL sites, for example https://www.google.com. Normal HTTP is still working, and most other SSL sites as well, even banking websites. As soon as we disable DLP or switch from deep-inspection to certificate-inspection on the policy, everything is back to normal. Of course the certificate is still installed on those WinXP computers, and with FF or Chrome we can reach everything without any problem. All Win7 and newer machines have no problem at all, so for sure it's an MS IE8 bug. Does anyone have an idea what has changed in the dependency between deep-inspection and DLP? I would still like to be able to block some patterns in an SSL stream until we can kick out those old XP machines.

Thx

1 REPLY
Wayne11
Contributor

After a few tests I guess it's because IE8 doesn't support SNI and Google has replaced their certificates with 2K and SNI header. But I still don't get why Deep-Inspection with Webfilter is working fine, meaning it can break up the encryption, scan for webfilter content, AV, IPS and afterwards encrypt again and forward the traffic to the computer without IE8 having any problem, but if DLP is enabled too, IE8 can't handle it anymore.

I guess we have to install FF on those XP machines for the next few weeks and the problem will be solved, but anyway I would like to understand the influence of the DLP engine on the encryption or certificate header level.

Does anyone have an idea?

Thx
