The CloudVPN router can reach the internet, but does not come online. A company firewall does not actively block the connection.
Note: Refer to the following article to confirm that the CloudVPN router has internet access: Troubleshooting - unable to connect your CloudVPN router to the CloudVPN Portal.
The company firewall has SSL inspection enabled. With SSL inspection, each network packet is decrypted, read, re-encrypted, and signed with a new certificate. This new certificate isn’t trusted by the CloudVPN Portal. Thus, the CloudVPN router is unable to set up the VPN, Configuration, and Data logging connections.
Note that other terms could be used instead of SSL inspection, like SSL decryption, SSL Proxy, Deep Packet Inspection, or Forward Proxy Decryption.
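One way to confirm this cause, as an added example that is not part of the original article or the vendor's tooling: capture the certificate issuer for a CloudVPN domain from a host behind the company firewall and again from an uninspected network, then compare the two. The function names, the host name passed to `probe_issuer`, and the sample issuer lines are assumptions constructed for illustration.

```shell
# Added example, not vendor code. Run probe_issuer from a host that is subject
# to the same firewall policy as the CloudVPN router.

# Print the issuer of the certificate a server presents (needs network access).
# $1 = host name (placeholder: a CloudVPN domain from the vendor's list), $2 = port
probe_issuer() {
  openssl s_client -connect "$1:${2:-443}" -servername "$1" </dev/null 2>/dev/null |
    openssl x509 -noout -issuer 2>/dev/null
}

# Strip the "issuer=" prefix and all spaces so that the "O = X" and "O=X"
# output styles of different OpenSSL versions compare equal.
normalize_issuer() {
  printf '%s\n' "$1" | sed -e 's/^issuer=//' | tr -d ' '
}

# $1 = issuer line captured behind the company firewall
# $2 = issuer line captured on an uninspected network (e.g. a mobile hotspot)
classify_inspection() {
  inside=$(normalize_issuer "$1")
  outside=$(normalize_issuer "$2")
  if [ -z "$inside" ] || [ -z "$outside" ]; then
    # No certificate received: blocked or unreachable, not proof of inspection.
    echo "unknown"
  elif [ "$inside" = "$outside" ]; then
    # Same issuing CA on both paths: no re-signing seen.
    echo "not-inspected"
  else
    # The firewall presented a certificate signed by a different CA.
    echo "inspected"
  fi
}

# Constructed sample captures (not real CloudVPN certificates).
INSIDE_SAMPLE='issuer=C = NL, O = Example Corp, CN = Example Corp Firewall Inspection CA'
OUTSIDE_SAMPLE='issuer=C=US, O=Example Public CA, CN=Example Public CA R1'

echo "sample result: $(classify_inspection "$INSIDE_SAMPLE" "$OUTSIDE_SAMPLE")"
```

An "unknown" result means the handshake never returned a certificate, which points to blocking or routing rather than SSL inspection.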
Disable SSL inspection on the company firewall for network traffic from the CloudVPN router (source-based) or to the CloudVPN domains listed here (destination-based). For guidance, consult the firewall manufacturer’s documentation or contact them directly.
Some examples for specific brands:
Fortinet: Under Policy & Objects > Firewall Policy, create a new rule that has Inspection Mode configured with Flow-based (not Proxy-based). For more information refer to the Fortinet documentation.
Palo Alto: Under Policies > Decryption, create a rule of the type ssl-forward-proxy that has the action no-decrypt. For more information refer to the Palo Alto documentation.
WatchGuard: Create a firewall policy rule that doesn’t have HTTPS-Proxy enabled. For more information refer to the WatchGuard documentation.