Issue
The Managed UTM WebFilter function checks the server certificate of the connected site in HTTPS communication.
At that time, the certificate whose size exceeds the buffer area can not be checked and the error will be returned.
The size of the certificate exceeds the buffer area of Managed UTM at the Web site that uses a certificate where many certificate aliases are registered as Subject Alternative Names.
There is a problem that you can not connect normally.
We are sorry for your inconvenience, but from the viewpoint of security, we do not disclose the size of the certificate that exceeds the buffer area and causes an error.
Workaround
If your environment does not use a proxy server, check the IP address [nslookup] of the target domain in the customer environment.
After creating a new Firewall policy, communication to the target destination can be avoided by setting it not to use the WebFilter function.
As a point of caution, if the IP address of the target domain is changed, you need to reconfigure the Managed UTM Firewall rules.
We apologize, but in environments that use a Proxy server, there is no workaround other than disabling the WebFilter feature.
In addition, the application of WebFilter function in the environment using Proxy server is as the following annotation in the URL
There are also notes, so please check them together.
● Web filter function (Note)
https://ecl.ntt.com/en/documents/service-descriptions/rsts/security/menu_utm.html#nw-fc-sec