So after implementing MWG 7.0 in our environment I started to get these messages from users that they get frequently an error "The URL is not valid and cannot be loaded" on HTTPS pages. This error is Firefox specific and I can't figure out any connections between MWG rules, Firefox versions, etc.
Definitely it is somehow related to SSL Scanner, but what is wrong? SSL Scanner Ruleset is imported and has Skype bypass rules added, nothing else (some lists are also populated).
Also I never get the same error, even if I browse same links as users.
I think more information is required in order to understand what is happening here. From the screenshot it is pretty hard to guess what is going wrong.
Can you verify the issue only happens for HTTPS sites?
With SSL Scanner disabled, do the problems go away?
Is this a permanent or a sporadic issue?
Do you have any chance to replicate the issue (maybe with the help of a user who sees this problem), and capture the connection? On Troubleshooting -> Packet tracing you can write the communication into a file which helps to show what is happening in the network.
In case you run a packet tracing, please add "-s 0" into the command line options and make sure you
- start the capture
- replicate the problem
- stop the capture
within a short period of time to reduce the data that is being logged.
Can you maybe also share the SSL Scanner rule set, especially the Skype exceptions that have been made?
So after some digging made:
It happens only for HTTPS sites, only with Firefox (different versions), but not on all computers (both XP and Win 7). Everything works fine on IE and Chrome.
Problem goes away if I disable "SSL Scanner -> Contect Insperction -> Enable Content Inspection" rule, so content inspection seems to mess up something for some FF-s.
So far solutions:
Add sites to the "SSL Inspection White List".
Add Web gateway certificate to FF "Ceritificate Manager" (although most computers work without the certificate).