[IAG] 163 mailbox audit failed – SSL content recognition is not effective
Problem Description
The web version of 163 mailbox cannot be audited
Process
- Check whether the user has configured an audit policy. The policy is found to audit outgoing web email content, SSL content recognition is enabled normally, and the 163 mailbox domain name has been added to the domain name list.

- Open the mail.163.com domain name and find that the website's certificate is not the IAG device's certificate, indicating that SSL content recognition is not effective.

When the certificate is replaced normally, the issuer appears as shown in the figure below.

- Check whether the PC's DNS is the public DNS. It is found that the PC's DNS is the public DNS 114.114.114.114, which eliminates the possibility that the DNS causes the SSL content recognition to fail.
- The network environment is deployed in IAG master-master mode. One AF is connected to the network. Packets are captured on both IAG devices for the source IP of the test host, as shown in the following figure.

- After opening mail.163.com, stop capturing data packets immediately, and use Wireshark to open the data packets captured by the two devices for analysis.
Apply a DNS display filter in Wireshark. With the filter applied, each of the two devices shows DNS packets in one direction only.

It can be determined from the data packets that the round-trip paths are inconsistent.
Inconsistent data round-trip paths will cause SSL content recognition to fail to take effect. The network environment needs to be adjusted to make the round-trip paths of data packets consistent so that SSL content recognition can take effect.
- After SSL content recognition takes effect, the 163 mailbox audit is normal.
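The one-way DNS check from the capture step can be scripted. The following is an added example, not part of the original case or of Sangfor's tooling: it reads DNS rows exported from each device's capture and reports which direction each device carried. The tshark export command in the comment, the sample rows and the test host 192.0.2.10 are assumptions constructed for illustration.

```python
import csv
import io

# Rows are assumed to come from a per-device field export such as:
#   tshark -r device_a.pcap -Y dns -T fields -E separator=, \
#       -e dns.id -e dns.flags.response -e ip.src -e ip.dst
# Constructed sample data (192.0.2.10 is a placeholder test host):
# device A carries only the queries, device B only the responses.
DEVICE_A = """0x1a2b,0,192.0.2.10,114.114.114.114
0x1a2c,0,192.0.2.10,114.114.114.114
"""
DEVICE_B = """0x1a2b,1,114.114.114.114,192.0.2.10
0x1a2c,1,114.114.114.114,192.0.2.10
"""

def dns_directions(rows_text):
    """Return (queries, responses) as sets of (txid, client, server)."""
    queries, responses = set(), set()
    for row in csv.reader(io.StringIO(rows_text)):
        if len(row) != 4:
            continue  # skip blank or malformed lines
        txid, is_resp, src, dst = (field.strip() for field in row)
        if is_resp.lower() in ("1", "true"):  # accepts 1 or True
            responses.add((txid, dst, src))  # response: server -> client
        else:
            queries.add((txid, src, dst))  # query: client -> server
    return queries, responses

def classify(rows_text):
    """Label one device's capture by the DNS directions it carries."""
    queries, responses = dns_directions(rows_text)
    if not queries and not responses:
        return "no DNS traffic"
    if not responses:
        return "one-way: queries only"
    if not queries:
        return "one-way: responses only"
    return "symmetric" if queries == responses else "partly one-way"

def split_transactions(cap_a, cap_b):
    """Transactions whose query crossed one device and response the other."""
    qa, ra = dns_directions(cap_a)
    qb, rb = dns_directions(cap_b)
    return sorted(((qa - ra) & rb) | ((qb - rb) & ra))

if __name__ == "__main__":
    print(classify(DEVICE_A), "|", classify(DEVICE_B))
    print(split_transactions(DEVICE_A, DEVICE_B))
```

A non-empty result from `split_transactions` means the query and its response crossed different devices, which is the inconsistent round-trip path described above.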
Solution
The network environment needs to be adjusted to ensure that the round-trip paths of data packets passing through the IAG are consistent so that SSL content recognition can take effect. Only after SSL content recognition takes effect can the 163 mailbox be audited normally.
Original Link
https://support.sangfor.com.cn/cases/list?product_id=22&type=1&category_id=6671&isOpen=true