I am interested to know how other customers are able to present a block page when a user is browsing from a network segment that has an SSL Decrypt Bypass policy applied. Currently, users are shown a generic "this site can't be reached" message versus our branded block page. Netskope Support stated the branded block page (custom User Notification) cannot be displayed since Netskope is not intercepting the traffic due to the SSL Decrypt bypass policy. Is anybody else experiencing the same issue?
This topic has been closed for replies.
+9Hi Dbrattrbi
From a technical perspective, when a client/browser makes a HTTP request over an SSL session (HTTPS), the proxy in the middle (e.g Netskope) has 2 options:
1. SSL intercept the connection and return its own HTTP content inside the SSL tunnel.
2. Terminate the TCP connection with a TCP RESET
Without SSL interception being enabled (because there is a bypass in place) the proxy (Netskope) cannot open the encrypted SSL tunnel and return its own block page back to the browser.
Therefore, the only option is for the connection to be terminated with a TCP RESET. When the connection is terminated, the browser doesn't know why and the proxy can't return a reason (e.g a HTTP 403 response code), resulting in the generic browser error you see.
I hope that helps explain the actual reason why having an SSL bypass results in a generic browser error, rather than the branded block page?
+15Hi, @Dbrattrbi. Thanks for joining the Netskope Community!
If @rthomson provided you with an acceptable solution to your question, can you mark the reply as "Accept as Solution"? An Accepted Solution is a way for you to choose the response that best answers a question that you've posted. When you accept a solution, both the question and the solution get unique icons and links that take you directly from the question to the answer.
Thanks for contributing to the Netskope Community.
Sign up
Already have an account? Login
Sign in or register securely using Single Sign-On (SSO)
Employee Continue as Customer / Partner (Login or Create Account)Login to the community
Sign in or register securely using Single Sign-On (SSO)
Employee Continue as Customer / Partner (Login or Create Account)Enter your E-mail address. We'll send you an e-mail with instructions to reset your password.