Since endpoint protection decrypts TLS and inspects payloads, would it be OK to turn off TLS inspection in the web proxy? Based on my testing, endpoint TLS inspection is far more reliable. By disabling TLS inspection in our web proxy (SG) we could save administrative overhead.
Hi, decryption can be done; however, if you need to bypass some domains and URLs, it’s impossible at the endpoint level. It can only be achieved through Sophos UTM or Sophos XG Firewall.
Endpoint TLS inspection allows exceptions for domains and IP addresses.
Do you wish to configure this at the endpoint level? If so, then there’s no way to configure it through endpoint policy. Are you looking for a way to turn off web control on your XG?
TLS inspection at the endpoint has been on since general availability. I'm toying with the idea of turning off decrypt and scan in the SG web proxy.