Hi,
Currently we have XG or XGS doing HTTPS decryption and inspection at Gateway Level.
Sophos has finally made it to decrypt HTTPS on the endpoint, too. That's good.
But this combination now causes double work for exceptions. We need to skip SSL decryption for specific hosts on the XGS Gateway and second on the Intercept-X Clients.
I'd like some kind of dynamic option to toggle Endpoint HTTPS decryption on or off based on the network segment the Endpoint is located in, based on firewall detection.
So let's say we have 4 LAN segments:
a: corporate lan 192.168.0.10/24 firewall-protected
b: corporate wifi 192.168.100.10/24 firewall-protected
c: guest wifi no-firewall
d: home lan unknown IP range no-firewall
In a and b the Endpoint could detect that its gateway is the corporate firewall, e.g. by checking the HTTPS decrypting CA returned to web requests
-> there would be no need for HTTPS decryption by Sophos Endpoint
In c and d the Sophos Endpoint could not detect the corporate firewall
-> it could now decide to enable HTTPS decryption
Is such a thing currently possible?
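The detection idea in the post (recognising the firewall by the decrypting CA it returns), sketched as an added example that is not part of the original post and not a Sophos feature. It verifies the served certificate against a trust store holding only the inspection CA, so a certificate that merely copies the CA's name does not pass; the CA file and probe host names are assumptions passed on the command line.

```python
import socket
import ssl
import sys


def inspection_ca_context(ca_pem_path):
    """TLS context that trusts only the corporate inspection CA (no system roots)."""
    # With cafile given, create_default_context() does not load the system store.
    return ssl.create_default_context(cafile=ca_pem_path)


def firewall_ca_seen(host, ctx, port=443, timeout=5.0):
    """True only if the certificate served for `host` verifies under `ctx`.

    The handshake validates the signature chain, so matching is done on the
    CA key, not on an issuer string that anyone can copy.
    """
    try:
        with socket.create_connection((host, port), timeout=timeout) as raw:
            with ctx.wrap_socket(raw, server_hostname=host):
                return True
    except OSError:  # includes ssl.SSLError, refused connections and timeouts
        return False


def endpoint_should_decrypt(probe_hosts, probe):
    """Skip endpoint decryption only when a probe proves the firewall inspects.

    No probes, unreachable hosts and failed verification all fall back to
    decrypting on the endpoint.
    """
    return not any(probe(h) for h in probe_hosts)


if __name__ == "__main__":
    # Usage (hypothetical names): python probe.py corp-ca.pem host1 host2
    ca_path, hosts = sys.argv[1], sys.argv[2:]
    ctx = inspection_ca_context(ca_path)
    decrypt = endpoint_should_decrypt(hosts, lambda h: firewall_ca_seen(h, ctx))
    print("endpoint HTTPS decryption:", "on" if decrypt else "off")
```

The probe hosts have to be sites the firewall actually decrypts; a host on the gateway's exception list would always look like "no firewall".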