It is likely as you says that there is a deep packet inspection in the
middle (Firewall, ie. Fortinet).
If it's the case, the Firewall opens the packets and then encrypts again
with its own certificate
If it's the case, perhaps it might work using a different browser (ie.
chrome doesn't allow add exceptions to that kind of connections but
safari does)
Another option may be that since the certificate will always be the same
(the one from the firewall) add it to the trusted certificates...
Hope it helps.
El 2021-08-12 22:12, Chris Thompson escribió:
I realize there is much more to this than is likely something that can
be solved in Guacamole, but I thought I'd throw it out there anyway. I
have a Guacamole instance running on a Linux VM behind an Nginx Reverse
Proxy with SSL via LetsEncrypt. Works great with one exception...
I have a problem with access for one user who has very restricted
policies for Internet Access and Group Policies on his Windows
Workstation at work. He cannot install any applications or browser
plug-ins of any type, and he's seemingly behind some sort of
Application Layer Firewall that's breaking the SSL handshaking and
somehow issuing their own certifications (presumably to inspect the
application traffic as it traverses the network).
Wondering if anyone has run into this sort of thing and managed to find
a workaround? I was hoping that it would just work being that
everything would run in the browser, but somehow that's not the case.
