Puffin Academy

From Opendium Documentation
Revision as of 14:14, 13 October 2022 by Steve (talk | contribs) (Created page with "== Status == Fully working, with additional configuration (listed below). == Configuration == * Allow the ''Puffin Academy'' firewall bundle on the Egress page. * Ensure that the ''Disable HTTPS Decryption'' Override is enabled. Note: we recommend that this override is always enabled (this is the default). == Detail == Puffin Academy makes HTTPS connections which contain an invalid Server Name Indication (*.flashbrowser.com) an...")
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to navigation Jump to search

Status

Fully working, with additional configuration (listed below).

Configuration

  • Allow the Puffin Academy firewall bundle on the Egress page.
  • Ensure that the Disable HTTPS Decryption Override is enabled. Note: we recommend that this override is always enabled (this is the default).

Detail

Puffin Academy makes HTTPS connections which contain an invalid Server Name Indication (*.flashbrowser.com) and the transparent proxy is therefore unable to validate the connections. The invalid connections are blocked, as the system considers them to be an attempt to bypass the usual filtering. Adding the above firewall configuration allows Puffin Academy to bypass the transparent proxy. Note that this problem does not affect devices which are configured to use the non-transparent proxy.

Puffin Academy does not utilise the device's trusted certificate store and therefore the standard Disable HTTPS decryption override contains rules to disable HTTPS decryption.

Some of this information is from the Puffin Academy website: http://www.flashbrowser.com/pconnect/faq.php#202

Vendor Contact Log

The following log summarises discussions with the vendor of Puffin Academy (CloudMosa) regarding the problems listed above.

  • 2016-07-06 - Reported to vendor.
  • 2016-07-07 - Vendor responded, stating that the problems would not be resolved.