Some clients using Cyberoam firewalls have reported being unable to access particular secure websites hosted on Amazon Web Services CloudFront. One example is https://app.safetyculture.io
This is because the AWS servers have started including a new cipher suite that the Cyberoam Web Proxy does not currently support.
Checking the cipher suite for the website showed that it is using TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (0xc02f).
The website does not work because the Cyberoam proxy does not currently support cipher suite 0xc02f, which is why the server closes the connection with an Alert (Level: Warning, Description: Close Notify).
The CROS proxy doesn't support cipher suite 0xc02f, and adding it is considered a feature request. According to the Product Team, there is currently no plan to include this feature request in the Cyberoam firewall with CR-OS.
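One way to confirm this diagnosis from a packet capture is to parse the ClientHello that the proxy sends to the server and check whether 0xc02f is in its offered list. The following is an added example, not code from the original post or from Cyberoam; the sample records are constructed for illustration, and the parser assumes a ClientHello that fits in a single TLS record.

```python
import struct

TARGET = 0xC02F  # TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, the suite named above

def offered_cipher_suites(record):
    """Return the cipher suite IDs listed in a single-record TLS ClientHello."""
    if len(record) < 5:
        raise ValueError("truncated TLS record header")
    ctype, _version, rec_len = struct.unpack("!BHH", record[:5])
    body = record[5:5 + rec_len]
    if ctype != 0x16 or len(body) != rec_len or len(body) < 4:
        raise ValueError("not a complete TLS handshake record")
    hs_len = int.from_bytes(body[1:4], "big")
    hello = body[4:4 + hs_len]
    if body[0] != 0x01 or len(hello) != hs_len:
        raise ValueError("not a ClientHello contained in one record")
    pos = 2 + 32                      # skip client_version and random
    if len(hello) < pos + 1:
        raise ValueError("truncated ClientHello")
    pos += 1 + hello[pos]             # skip session_id (1-byte length prefix)
    if len(hello) < pos + 2:
        raise ValueError("truncated ClientHello")
    cs_len = int.from_bytes(hello[pos:pos + 2], "big")
    raw = hello[pos + 2:pos + 2 + cs_len]
    if len(raw) != cs_len or cs_len % 2:
        raise ValueError("malformed cipher_suites vector")
    return [int.from_bytes(raw[i:i + 2], "big") for i in range(0, cs_len, 2)]

def offers(record, suite=TARGET):
    """True if the ClientHello lists the given suite."""
    return suite in offered_cipher_suites(record)

def build_hello(suites):
    """Build a minimal ClientHello (no extensions) for the samples below."""
    cs = b"".join(s.to_bytes(2, "big") for s in suites)
    hello = (b"\x03\x03" + bytes(32) + b"\x00"
             + len(cs).to_bytes(2, "big") + cs + b"\x01\x00")
    hs = b"\x01" + len(hello).to_bytes(3, "big") + hello
    return b"\x16\x03\x01" + len(hs).to_bytes(2, "big") + hs

# Constructed samples, not captured from a real Cyberoam device.
LEGACY_HELLO = build_hello([0x002F, 0x0035, 0x000A])   # CBC/3DES RSA suites only
MODERN_HELLO = build_hello([0xC02F, 0xC030, 0x002F])   # includes 0xc02f

if __name__ == "__main__":
    for name, rec in (("legacy", LEGACY_HELLO), ("modern", MODERN_HELLO)):
        suites = ", ".join(f"0x{s:04x}" for s in offered_cipher_suites(rec))
        print(f"{name}: offers 0xc02f={offers(rec)} [{suites}]")
```

To use it on real traffic, pass the raw bytes of the first TLS record the proxy sends upstream in place of the constructed samples.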
To work around this issue, create a new FQDN host for each site that has the issue. Add them to an FQDN group, which I have called AWS Cloudfront sites. Create a new LAN to WAN firewall rule with that FQDN group as the destination, as shown below: