Thursday, March 5, 2020

Wireless Device Isolation from SSL Inspection [Help Request]

We recently deployed a Barracuda F18 firewall at a small/medium-sized business. SSL inspection is enabled, so a certificate was deployed to the network via GPO to avoid certificate issues. The firewall is set up in a bridge configuration, with all WAN traffic going through to a MikroTik 951G after SSL inspection, IPS and content filtering.

The issue we are experiencing is that wireless devices such as mobile phones/iPads are connecting to the network and, as such, not getting the certificate from Group Policy, causing them to get certificate problems on all apps and web browsing. (No issue with laptops.) We have tested installing the certificate on these mobile devices; however, we still experience certificate issues and apps just refusing the connection, while some apps choose to work using the certificate.

The wireless network is a UniFi environment with a Cloud Key linked into our portal.

Ideally, we would like to keep the wireless network going through the firewall before reaching the internet; however, we are trying to identify a way to not have mobile phones/iPads. We are also trying to avoid the purchase of new equipment if possible.

Any advice would be helpful, and we will provide further information as requested.

Current traffic flow:

Internet -----> MikroTik 951G (10.0.0.254) -----> Barracuda F18 Firewall (10.0.0.253) -----> Switch (basic) -----> LAN/Wi-Fi (10.0.0.x/24, DHCP provided by onsite server)


