Kaspersky
Solved

KSC11 and KES11 blocking VPN/certificate issues

  • 23 May 2019
  • 6 replies
  • 943 views

Thought we had fixed it but it's reared it's ugly head again.

Just updated to a KSC11 and KES11 and we're having a lot of issues with Kaspersky blocking our Cisco Anyconnect VPN and also causing issues with some people accessing internal web portals for servers. The VPN and the portals all either have no certificate or an out of date certificate so the belief is that this is what is causing the issue.

I've turned notifications on for everything and it still won't alert me at all to tell me what is being blocked or causing the issue but when i turn off the Web Control part of KES11, everything starts working again. Nothing is being blocked under Web Control in the reports side for the machines.
icon

Best answer by Nikolay arinchev 31 May 2019, 09:20

Is it possible to add an allowing rule at web-control for internal web portals?
View original

6 replies

Userlevel 5
Badge +2
Hi,

Could you please clarify what version of KES 11 do you use?

It is version 11.1.0.15919 of KES and version 11.0.0.1131 of the network agent. KSC version is 11.0.0.1131.

The previous version of KSC, version 10.5.1781, and KES 11.0.0.6499 with agent version 10.5.1781 didn't cause any issues at all.

edit: I've attached the certificate error that comes up, when you click to proceed, a Kaspersky error pops up warning that i'm about to enter an unsafe web resource, it will then allow me to log into the website. If the website times me out, i need to close the browser and reopen it so i can get the certificate error before Kaspersky allows me to log in again. I'm not sure if the VPN is the same issue but the VPN also doesn't use a certificate.
Hello, just wondering if anyone has any suggestions on this? The only thing we can do is a full downgrade back to KSC10.
Userlevel 5
Badge +2
Is it possible to add an allowing rule at web-control for internal web portals?
Thank you for the reply, all of the internal portals were already added as the settings were copied over from the Kaspersky KSC10 server.

We did do a test where we did a backup of the old KSC10 server and then did an upgrade of that from KSC10 to KSC11 and everything is now working fine.
Is it possible to add an allowing rule at web-control for internal web portals?
Just a quick update, the VPN is now broken on the old server after updating to KSC11 and KES11.1. It was tested and proved to be working fine for a few days and then it started failing today. What needs adding as an allow rule in web control to resolve the vpn issue? The domain name of the vpn has already been added originally and that's not resolved the issue.

My presumption is that the issue is KES11.1 rather than KSC11.

Reply / Ответить