Error while accessing site
Darshil
Newbie ✭
One user are getting below error while accessing zoom session.In error we see that 'This server could not prove it is zoom,its security certificate is from 172.16.72.25'. The 172.16.72.25 is our firewall lan IP address.We are not using dpi-ssl scanning in firewall so why we are getting below error. What could be the possible reason.
@shiprasahu93 @Saravanan @Poorni_5 @Nevyaditha @Vigneshkumar_S
Category: High End Firewalls
0
Answers
One user are getting below error while accessing zoom session.In error we see that 'This server could not prove it is zoom,its security certificate is from 172.16.72.25'. The 172.16.72.25 is our firewall lan IP address.We are not using dpi-ssl scanning in firewall then why we are getting below error and what could be the possible reason.
Hello @Darshil,
Only while performing Client DPI SSL, SonicWall would sign the server certificate with the DPI SSL CA and present to the end client. I could not find any reported issue on my end on this matter.
I checked some online forums for Zoom and found similar complaints with multiple vendors. It would be best to perform packet capture while accessing that website to see what this is taking place.
I would suggest reaching out to our Support team for a thorough analysis on this matter.
Thanks!
Shipra Sahu
Technical Support Advisor, Premier Services
Hi,
Please make sure your firewall have the latest firmware installed. (recommended 6.5.4.6)
Above Firmware having fix for the SSL Control prevents traffic to HTTPS TLS v.1.2 sites, possibly due to a false positive.
Hello @Darshil - I think you must be using DPI-SSL. This error is what you would expect when using it and the Root Certificate has not been installed on the user's computer. This installation results in the DPI-SSL certificate being trusted. Below I show what it looks like when a host on the LAN is subject to DPI-SSL, and the Root Certificate has not been installed. I get a certificate error and the image shows details of the untrusted Root certificate.
I suppose it's possible that you were previously using DPI-SSL, and this user's web browser failed to connect during that time, and now the error is being served out of web browser cache.