  1. #1
    Join Date
    Jan 2021

    SSL Inspector/Web filtering is not working properly on Untangle Cloud Appliance


    A couple of years ago I set up a physical Untangle appliance (version 14.x) in which I was able to set up the SSL Inspector and Web Filtering without issues.

    A few days ago I created a new instance of Untangle (version 16.2.0), and this time it was in the cloud. However, I just can't make the configuration work.

    I was able to configure the OpenVPN server (IPSec didn't want to work) and it worked.

    Before enabling the Web Filtering and SSL Inspector, I created the Certificate that matches my domain, and then I installed the root certificate in the corresponding machines, and actually when I verify the certificate my domain appears in the "Issued by" section.

    I wanted to "Restrict Google applications", block porn sites and some social media services like Facebook.

    However, I'm not able to succeed in any of the above except blocking Facebook.

    • For the Google applications, I configured the desired domains I wanted to allow for Google applications. Then I tried different configurations found in the wiki and in the forum; none of them worked, and I was able to log in with personal Gmail accounts. Those configurations include enabling and disabling the "Block QUIC", "Process HTTPS traffic by SNI", etc.

    • For the porn sites, I checked the "block" checkbox in the categories and when I tested some porn sites I was able to access all of them. Later, I tried manually setting up "" in order to check if at least that site was blocked, and unfortunately, nope.

    • For blocking Facebook the only way I was able to "make it work" was by following these steps: How-do-I-block-Facebook-YouTube

      I quoted the "make it work" because when I browse to, instead of redirecting me to the custom blocking page I configured, the browser just shows "This site can't be reached".

    • Even though it is not recommended to enable the "Inspect all traffic" option, enabling it was the only way to actually be able to navigate to different sites. I believe that maybe it has something to do with the TLS 1.3 option. I read, in other posts, that this option is causing some issues. Is that correct?

    I spent a few hours in the forum and in the wiki trying to make it work, with no luck. I'm a little frustrated because with the first configuration I ever tried (a few years ago) everything worked flawlessly, and now with this new setup I'm not able to make anything work.

    Do you guys have any idea?

    Thanks a lot!

  2. #2
    Untangler jcoffin
    Join Date
    Aug 2008
    Sunnyvale, CA


    Turn off SNI if using SSL Inspection.
    Last edited by jcoffin; 01-31-2021 at 06:37 PM.
    Attention: Support and help on the Untangle Forums is provided by
    volunteers and community members like yourself.
    If you need Untangle support please call or email

  3. #3
    Join Date
    Jan 2021


    Hello, @jcoffin

    I'll try it and come back with the results.


  4. #4
    Join Date
    Jan 2021


    Hello everyone,

    I made further tests with the changes that jcoffin suggested, and the results remained the same: no blocking, Gmail consumer apps remain accessible, etc.

    Another thing that I noticed is that, according to the Untangle Wiki, enabling the option of "Inspect all traffic" is not the best way to go. However, this was the only way I made it possible to load websites, otherwise, an error message was received.

    The same happened with the preset rules, for instance: dropbox, by default it is "Ignore", but only when I changed it to "Inspect" the page did actually load.

    The rules and configuration are attached in the images section.

    I only was able to "block" a porn site (pornhub), just because I found that name in the "Applications Control" app, but there are tons of adult content sites, making it impossible to add one by one in the "Applications Control" app.

    I'll try to set up a physical appliance with two NICs in order to compare if I obtain the same results.




