Issue:
- When the Web traffic scanning feature is enabled, some applications are unable to connect to an internal server and some URLs are inaccessible or some applications have connectivity or performance issues
- Java-based applications unable to connect to an internal server or there are connectivity issues.
Resolution:
If the Web Traffic Scanning is causing issues for an application that connects to an internal server, you can add the server address as trusted. This will exclude the network traffic from Web Traffic Scanning.
How to add the server address as trusted differs between Client Security and Server Security versions:
For Client Security 13.x:
- Log in to Policy Manager Console
- Select the host or domain from the Domain Tree
- Go to the Settings tab and select Advanced view
- Navigate to F-Secure Anti-Virus -> Settings -> Settings for Web Traffic Scanning -> Trusted Servers
- Click Add and enter the server address
- Distribute the policy (Ctrl+D)
- http://193.110.109.55/*
- http://sql-server-2008:8080/*
- SAMPLESERVER:8080/*
- Log in to Policy Manager Console
- Select the host or domain from the Domain Tree
- Go to the Settings tab and select Standard view
- Go to the Web content control page
- Click Add on the right side of the Trusted sites list
- Enter the server address in the Address column
- Distribute the policy (Ctrl+D)
- http://193.110.109.55
- http://sql-server-2008:8080
- SAMPLESERVER:8080
If the steps above did not solve your problem, disable Botnet Blocker to see if it is the cause for the issue.
How to disable Botnet blocker:
- Log in to Policy Manager Console
- Select the host or domain from the Domain Tree
- Go to the Settings tab and select Standard view
- Navigate to Web traffic scanning and select Botnet Blocker
- Set the DNS query filtering to Allow all queries
- Distribute the policy (Ctrl+D)
- Open the Client Security local user interface
- Go to the Malware Protection tab
- Click Edit settings from the left side of the user interface to enable administrator rights
- Disable DeepGuard using the on / off switch
- Log in to the Policy Manager Console
- Select a host or policy domain from the Domain Tree
- Go to the Settings tab
- Go to the Real-time scanning settings page
- Scroll down to the Files and applications excluded from scanning table and enable Do not scan the following files and applications
- Click Add on the right side of the table
- Add the application path and click OK
- Distribute the policy (Ctrl + D)
How to enable ORSP via Policy Manager console:
- Log in to Policy Manager Console
- Select the host or domain from the Domain Tree
- Go to the Settings tab (Advanced view)
- Navigate to F-Secure Security Cloud Client > Settings
- Enable Allow deeper analysis and Client is enabled
- Distribute the policy (Ctrl+D)
From Web Browser
- Open
http://orsp.f-secure.com/getc
and browser must be able to download the certificate file from the URL. If it is reporting an error or the browser hangs for several minutes, then there is a problem.
- Open
https://doorman.sc.fsapi.com/doorman/v1/healthcheck
and the browser must reply 'OK'
Article no: 000004728