F-Secure Client Security or Server Security Web traffic scanning is blocking HTTP connections to an internal server, URL or of an application - F-Secure Community
<main> <article class="userContent"> <h3 data-version="9" data-article="000004728" data-id="issue">Issue:</h3> <p></p><ul><li>When the Web traffic scanning feature is enabled, some applications are unable to connect to an internal server and some URLs are inaccessible or some applications have connectivity or performance issues</li><li>Java-based applications unable to connect to an internal server or there are connectivity issues.</li></ul><h3 data-id="resolution">Resolution:</h3> <p>If the Web Traffic Scanning is causing issues for an application that connects to an internal server, you can add the server address as trusted. This will exclude the network traffic from Web Traffic Scanning. <br><br>How to add the server address as trusted differs between F-Secure Client Security and Server Security versions:<br><br> For <b>F-Secure Client Security 13.x</b>:<br></p><ol><li>Log in to F-Secure Policy Manager Console</li><li>Select the host or domain from the Domain Tree</li><li>Go to the <b>Settings </b>tab and select <b>Advanced view</b></li><li>Navigate to <b>F-Secure Anti-Virus</b> -> <b>Settings </b>-> <b>Settings for Web Traffic Scanning</b> -> <b>Trusted Servers</b></li><li>Click <b>Add </b>and enter the server address </li><li>Distribute the policy (Ctrl+D)</li></ol> With <b>Client Security 13.x</b> clients the address needs to have the /* wildcard added after the server address, for example: <ul><li><a href="http://193.110.109.55/*" rel="nofollow">http://193.110.109.55/*</a></li><li><a href="http://sql-server-2008:8080/*" rel="nofollow">http://sql-server-2008:8080/*</a></li><li>SAMPLESERVER:8080/*</li></ul> For <b>F-Secure Client Security </b>/ <b>Server Security 14.x </b>and<b> 15.x</b>: <ol><li>Log in to F-Secure Policy Manager Console</li><li>Select the host or domain from the Domain Tree</li><li>Go to the <b>Settings </b>tab and select <b>Standard view</b></li><li>Go to the <b>Web content control </b>page</li><li>Click <b>Add </b>on the right side of the <b>Trusted sites </b>list</li><li>Enter the server address in the <b>Address </b>column</li><li>Distribute the policy (Ctrl+D)</li></ol> With <b>Client Security</b> / <b>Server Security 14.x</b> and <b>15.x</b> clients no wildcard is needed in the address, for example: <ul><li><a href="http://193.110.109.55" rel="nofollow">http://193.110.109.55</a></li><li><a href="http://sql-server-2008:8080" rel="nofollow">http://sql-server-2008:8080</a></li><li>SAMPLESERVER:8080</li></ul> <br>If the steps above did not solve your problem, disable Botnet Blocker to see if it is the cause for the issue.<br><br> How to disable Botnet blocker: <ol><li>Log in to F-Secure Policy Manager Console</li><li>Select the host or domain from the Domain Tree</li><li>Go to the <b>Settings </b>tab and select <b>Standard view</b></li><li><b>Navigate </b>to <b>Web traffic scanning </b>and select <b>Botnet Blocker</b></li><li>Set the <b>DNS query</b> filtering to <b>Allow all queries</b></li><li>Distribute the policy (Ctrl+D)</li></ol> If disabling disabling the Botnet blocker did not solve the issue, disable DeepGuard temporarily and then try to reproduce the issue. How to disable DeepGuard: <ol><li>Open the F-Secure Client Security local user interface</li><li>Go to the <b>Malware Protection </b>tab</li><li>Click <b>Edit settings </b>from the left side of the user interface to enable administrator rights</li><li>Disable <b>DeepGuard </b>using the on / off switch</li></ol> If the issue is resolved by disabling DeepGuard, you can create a DeepGuard exclusion in the policy: <ol><li>Log in to the Policy Manager Console</li><li>Select a host or policy domain from the Domain Tree</li><li>Go to the <b>Settings </b>tab</li><li>Go to the <b>Real-time scanning </b>settings page</li><li>Scroll down to the <b>Files and applications excluded from scanning </b>table and enable <b>Do not scan the following files and applications </b></li><li>Click <b>Add </b>on the right side of the table </li><li>Add the application path and click <b>OK</b></li><li>Distribute the policy (Ctrl + D)</li></ol> It is also good to make sure ORSP Service (F-Secure Security Cloud) is enabled. You may find more information about the Security Cloud <a rel="nofollow" href="https://www.f-secure.com/en/legal/privacy/security-cloud">here</a> <br><br>How to enable ORSP via Policy Manager console: <ol><li>Log in to Policy Manager Console</li><li>Select the host or domain from the Domain Tree</li><li>Go to the <b>Settings</b> tab (Advanced view)</li><li>Navigate to <b>F-Secure Security Cloud Client</b> > <b>Settings</b></li><li>Enable <b>Allow deeper analysis </b>and <b>Client is enabled</b></li><li>Distribute the policy (Ctrl+D)</li></ol> You can ping the ORSP Service on your local client and see if its reachable: orsp.f-secure.com <br><br> From Web Browser <ul><li>Open <code class="code codeInline" spellcheck="false" tabindex="0"><a rel="nofollow" href="http://orsp.f-secure.com/getc">http://orsp.f-secure.com/getc</a></code> and browser must be able to download the certificate file from the URL. If it is reporting an error or the browser hangs for several minutes, then there is a problem.</li></ul> Connectivity to DOORMAN service: <ul><li>Open <code class="code codeInline" spellcheck="false" tabindex="0"><a rel="nofollow" href="https://doorman.sc.fsapi.com/doorman/v1/healthcheck">https://doorman.sc.fsapi.com/doorman/v1/healthcheck</a></code> and the browser must reply 'OK'</li></ul> You might have to check your firewall settings and allow *.f-secure.com and *.fsapi.com. More about URL addresses for F-Secure update services can be found <a rel="nofollow" href="https://community.f-secure.com/t5/Common-Topics/URL-addresses-for-F-Secure/ta-p/11407">here.</a><br> <p>Article no: 000004728</p> </article> </main>