The IXrouter can reach the internet, but does not come online. A company firewall does not actively block the connection.
NoteRefer to the following article to confirm that the IXrouter has internet access: Troubleshooting - unable to connect your IXrouter to the IXON Cloud.
The company firewall has SSL inspection enabled. With SSL inspection, each network package is decrypted, read, encrypted, and signed with a new certificate. This new certificate isn’t trusted by the IXON Cloud. Thus, the IXrouter is unable to set up a VPN, Configuration, and Data logging connection.
Note that other terms could be used instead of SSL inspection, like SSL decryption, SSL Proxy, Deep Packet Inspection, or Forward Proxy Decryption. For background information, refer to this external article.
Disable SSL inspection on the company firewall for network traffic from the IXrouter (source-based) or to the IXON domains listed here (destination-based). For guidance, consult the firewall manufacturer’s documentation or contact them directly.
Some examples for specific brands:
Under Policy & Objects > Firewall Policy, create a new rule that has Inspection Mode configured with Flow-based (not Proxy-based). For more information refer to the Fortinet documentation.
Under Policies > Decryption, create a rule of the type ssl-forward-proxy that has the action no-decrypt. For more information refer to the Palo Alto documentation.
Create a firewall policy rule that doesn’t have HTTPS-Proxy enabled. For more information refer to the WatchGuard documentation.