F-Secure Client Security Web traffic scanning is blocking an internal server, URL or applications are not starting

Issue:

  • When Web traffic scanning feature is enabled, some web applications and URLs are inaccessible or there are connectivity or performance issues.
  • Java-based applications unable to connect to an internal server or there are connectivity issues.
  • Issue started after client received the F-Secure Online Safety 2019-11-19_01 update.

Resolution:

1. Make sure ORSP Service (F-Secure Security Cloud) is enabled. You may find more information about the Security Cloud here

How to enable ORSP via Policy Manager console:

  1. Log in to Policy Manager Console
  2. Select the host or domain from the Domain Tree
  3. Go to the Settings tab (Advanced view)
  4. Navigate to F-Secure Security Cloud Client > Settings
  5. Enable Allow deeper analysis and Client is enabled
  6. Distribute the policy (Ctrl+D)
You can ping the ORSP Service on your local client and see if its reachable: orsp.f-secure.com 

From Web Browser 
  • Open  http://orsp.f-secure.com/getc and browser must be able to download certificate file from the URL. If it is reporting an error or hangs for several minutes, then there is a problem.
Connectivity to DOORMAN service:

 
You might have to check your firewall settings and allow *.f-secure.com and *.fsapi.com. More about URL addresses for F-Secure update services can be found here.

Note: If ORSP is off, this means that our security cloud client can not access our remote services. This is the root of the slowness/hangs/interoperability etc.


2. You can add the server address as trusted. This will exclude the server from Web Traffic Scanning.

How to add the server address as trusted differs between F-Secure Client Security versions:

For F-Secure Client Security 13.x:
  1. Log in to F-Secure Policy Manager Console
  2. Select the host or domain from the Domain Tree
  3. Go to the Settings tab and select Advanced view
  4. Navigate to F-Secure Anti-Virus -> Settings -> Settings for Web Traffic Scanning -> Trusted Servers
  5. Click Add and enter the server address 
  6. Distribute the policy (Ctrl+D)
With Client Security 13.x clients the address needs to have the /* wildcard added after the server address, for example:
For F-Secure Client Security 14.x:
  1. Log in to F-Secure Policy Manager Console
  2. Select the host or domain from the Domain Tree
  3. Go to the Settings tab and select Standard view
  4. Go to the Web content control page
  5. Click Add on the right side of the Trusted sites list
  6. Enter the server address in the Address column
  7. Distribute the policy (Ctrl+D)
With Client Security 14.x clients no wildcard is needed in the address, for example:
If the steps above did not solve your problem, please try to disable Botnet Blocker and/or DeepGuard

How to disable Botnet blocker:
  1. Log in to F-Secure Policy Manager Console
  2. Select the host or domain from the Domain Tree
  3. Go to the Settings tab and select Standard view
  4. Navigate to Web traffic scanning and select Botnet Blocker
  5. Set the DNS query filtering to Allow all queries
  6. Distribute the policy (Ctrl+D)

Article no: 000004728

Pricing & Product Info

For product info and pricing please go to the F-Secure product page

Version history
Revision #:
3 of 3
Last update:
a week ago
Updated by: