Problem
The StrideLinx router can reach the internet, but does not come online. A company firewall does not actively block the connection.
Note
Refer to the following article to confirm that the StrideLinx router has internet access: Troubleshooting - unable to connect your StrideLinx router to the StrideLinx Cloud.
Cause
The company firewall has SSL inspection enabled. With SSL inspection, each network packet is decrypted, read, re-encrypted, and signed with a new certificate. This new certificate isn’t trusted by the StrideLinx Cloud. Thus, the StrideLinx router is unable to set up an MQTT connection, VPN connection, or both.
Note that other terms could be used instead of SSL inspection, like SSL decryption, SSL Proxy, Deep Packet Inspection, or Forward Proxy Decryption. For background information, refer to this external article.
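To confirm the certificate replacement described above, the following added example (not part of the original article or of StrideLinx tooling) can be run from a PC behind the same firewall policy as the router. It assumes HOST is a placeholder for one of the StrideLinx domains and that a reference run was saved as JSON from a network without SSL inspection, such as a mobile hotspot.

```python
import hashlib
import json
import socket
import ssl
import sys

def issuer_fields(cert):
    """Flatten the nested issuer tuples returned by SSLSocket.getpeercert()."""
    return {key: value for rdn in cert.get("issuer", ()) for key, value in rdn}

def observe(host, port=443, timeout=5.0):
    """Return [issuer dict or None, SHA-256 of the leaf certificate, verify error or None]."""
    # Pass 1: verification off, so a firewall-signed leaf can still be fingerprinted.
    raw = ssl.create_default_context()
    raw.check_hostname = False
    raw.verify_mode = ssl.CERT_NONE
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with raw.wrap_socket(sock, server_hostname=host) as tls:
            leaf = hashlib.sha256(tls.getpeercert(binary_form=True)).hexdigest()
    # Pass 2: normal verification; Python decodes the issuer only for a validated chain.
    try:
        with socket.create_connection((host, port), timeout=timeout) as sock:
            with ssl.create_default_context().wrap_socket(sock, server_hostname=host) as tls:
                return [issuer_fields(tls.getpeercert()), leaf, None]
    except ssl.SSLCertVerificationError as exc:
        return [None, leaf, exc.verify_message]

def verdict(inside, reference):
    """Compare a run behind the firewall with a run from an uninspected network."""
    in_issuer, in_leaf, in_err = inside
    ref_issuer, ref_leaf, _ = reference
    if in_leaf == ref_leaf:
        return "same certificate: no re-signing on this path"
    if in_err is not None:
        return "re-signed by a CA this PC does not trust: " + in_err
    if in_issuer != ref_issuer:
        name = in_issuer.get("organizationName") or in_issuer.get("commonName", "unknown")
        return "re-signed by: " + name
    return "same issuer, different leaf: likely server-side rotation, not inspection"

if __name__ == "__main__":
    # Usage: check.py HOST            -> print this network's observation as JSON
    #        check.py HOST ref.json   -> compare with the saved uninspected observation
    # HOST is a placeholder (assumption): use a StrideLinx domain from the vendor's list.
    seen = observe(sys.argv[1])
    if len(sys.argv) > 2:
        with open(sys.argv[2]) as fh:
            print(verdict(seen, json.load(fh)))
    else:
        print(json.dumps(seen))
```

A "re-signed" result after the firewall change means the bypass rule is not matching the traffic.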
Solution
Disable SSL inspection on the company firewall for network traffic from the StrideLinx router (source-based) or to the StrideLinx domains listed here (destination-based). For guidance, consult the firewall manufacturer’s documentation or contact them directly.
Some examples for specific brands:
Fortinet
Under Policy & Objects > Firewall Policy, create a new rule that has Inspection Mode set to Flow-based (not Proxy-based). For more information, refer to the Fortinet documentation.
Palo Alto
Under Policies > Decryption, create a rule of the type ssl-forward-proxy that has the action no-decrypt. For more information, refer to the Palo Alto documentation.
WatchGuard
Create a firewall policy rule that doesn’t have HTTPS-Proxy enabled. For more information, refer to the WatchGuard documentation.