cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Highlighted

[MWG v8.2.x]HTTPS Scanning - Certificate Verif - Time quota

Hello to the community,

We had implemented in a lab a few years ago a rule set to allow users to access websites with certificate issues by clicking on the agree button. Doing that activated a time quota, which had a set amount for days, weeks and months.

We imported this rule, which we had exported at that time, and we're trying to get it to work again, but the result is that the quota is always evaluated as expired (traffic is never considered "IsActivationRequest"). Another co-worker who was testing also reported being redirected directly, never seeing the template warning page.

Any way we can make the ActivationRequest equals true, so we can start configuring this ruleset?

 

We thank in advance anyone who may provide attention and support to this request.

 

4 Replies
Highlighted
McAfee Employee
McAfee Employee
Report Inappropriate Content
Message 2 of 5

Re: [MWG v8.2.x]HTTPS Scanning - Certificate Verif - Time quota

Hello,

were you able to create a rule engine trace when clicking the "Activate" button? When hitting this button the browser calls a specific URL, which runs in to the rule engine and is identified as "IsActivationRequest = True". 

When this request leaves the rule engine without being blocked the quota session is started.

So the first thing to do should be a rule engine trace, so we can have a look. Generally I am not aware of any changes that should prevent you from using this functionality again.

Best,
Andre

Highlighted

Re: [MWG v8.2.x]HTTPS Scanning - Certificate Verif - Time quota

Hello, Andre

Thanks for your reply! And sorry for the delayed response, got stuck with another project.

By rule engine trace you mean a rule where the event is "Enable RuleEngine Tracing", like this?

Capture.JPG

If so, should I upload the tracing files here?

The thing is, we're not being able to make the "button" or the redirecting template page appear at all, only the quota exceeded template.

Thanks again!

Highlighted
McAfee Employee
McAfee Employee
Report Inappropriate Content
Message 4 of 5

Re: [MWG v8.2.x]HTTPS Scanning - Certificate Verif - Time quota

Hello,

yes, it works by event or (more easily) using the "Rule Tracing Central" feature in the troubleshooting area. Just type in your IP, hit the button and replicate the issue.

It is exactly the request that immediately is answered with the "expired" screen I would like to look at. Additionally a feedback would be required so I can see the rules.

I recommend to create both and file an SR, then share the SR number with me so I can have a look at the data.

Andre

Highlighted

Re: [MWG v8.2.x]HTTPS Scanning - Certificate Verif - Time quota

Hello, Andre

 

Thank you for your support! I've opened the SR as per instructions, under # 4-21394231471. I've included the rule tracing files and feedback files for both appliances.

 

MWG version is actually 9.2.2 on our internal lab which we'll be using to test this. Version 8 is the scenario on our customer, which we're replicating on our lab.

 

We'll follow up on the request then, Thank you!

You Deserve an Award
Don't forget, when your helpful posts earn a kudos or get accepted as a solution you can unlock perks and badges. Those aren't the only badges, either. How many can you collect? Click here to learn more.

Community Help Hub

    New to the forums or need help finding your way around the forums? There's a whole hub of community resources to help you.

  • Find Forum FAQs
  • Learn How to Earn Badges
  • Ask for Help
Go to Community Help

Join the Community

    Thousands of customers use the McAfee Community for peer-to-peer and expert product support. Enjoy these benefits with a free membership:

  • Get helpful solutions from McAfee experts.
  • Stay connected to product conversations that matter to you.
  • Participate in product groups led by McAfee employees.
Join the Community
Join the Community