Jump to content

Encryption connection scanning (Kaspersky in the middle HTTPS scanning) is conflicting with Phoenix Contact mGuard industrial VPN service


Recommended Posts

Posted

The mGuard RS series of VPN routers will fail when attempting to use the firewall administration interface while VPN’d into the unit, if the Kaspersky “Encryption connection scanning” setting is enabled.  There are multiple items that fail in the web interface that are symptoms of the failure.   The same symptoms take place across chrome, edge and firefox browsers.

  1. The mguard firewall administration interface will frequently fail while navigating in the administration UI with the message “could not connect to mguard service, retrying” and force a complete logout/login to reconnect.
  2. The “Interfaces” » Network Status table will never show external IP, Current Default Route, and Used DNS Servers values on that page (it will remain blank reguardless of what you do).
  3. When saving a configuration, the “reloading” pinwheel never goes away and the save button never returns without logging off and loggin in again.

I realize this is an extremely esoteric issue set, but I wanted to get this posted in case anyone else workign with thes industrial vpn firewall routers runs into issues as well.   I’ve reported this to Phoenix Contact as well, but disabling the “Encryption connection scanning” including for firefox has made this issue go away.

 

I’m kind of uncomfortable with this setting, now that I’m aware of it, being enabled anyway.  What justification is there for a 3rd party to be intercepting https traffic…  I guess to deal with malware scenarios but mozilla and chrome teams have advised vendors NOT to do this multiple times now.

Please sign in to comment

You will be able to leave a comment after signing in



Sign In Now


×
×
  • Create New...