This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

possibility to enable or disable HTTPS decryption based on Network segment?

Hi,

currently we have XG or XGS doing HTTPS decryption and inspection at Gateway Level.

Sophos has finally made it to decrypt HTTPS on the endpoint, too. That's good.

But this combination now causes double work for exceptions. we need to skip SSL decryption for specific hosts on the XGS Gateway and second on the Intercept-X Clients.

I'd like some kind of dynamic option to toggle Endpoint HTTPS decryption on or off based on the network segment the Endpoint is located in, based on firewall detection.

So lets say, we have 4 LAN segments

a: corporate lan 192.168.0.10/24 firewall-protected

b: corporate wifi 192.168.100.10/24 firewall-protected

c: guest wifi no-firewall

d: home lan unknown IP range no-firewall

In a and b the Endpoint could detect that it's gateway is the corporate firewall, e.g. by checking the HTTPS decryting CA returned to web requests

-> there would be no need for HTTPS decryption by Sophos Endpoint

In c and d the Sophos Endpoint could not detect the corporate firewall

-> it could now decide to enable HTTPS decryption

Is such thing currently possible?



This thread was automatically locked due to age.