Infrastructure category

Hello all,

I have an issue with my Sophos XG firewall.

When I generate any report, I find that there is a lot of traffic related to a category named "infrastructure", and once I open it I find an Application/proto:port named "Secure Socket Layer Protocol".

I need to monitor this traffic to know which application makes this traffic, and close or remove it if it is a harmful application.

 

My configuration is below:

- Sophos firmware: SFOS 17.5.8 MR-8

- I have one rule that allows all HTTP and HTTPS only.

- Web policy configured to allow all.

- Application policy configured to allow all.

- Checked "Scan HTTP", checked "Decrypt & scan HTTPS", checked "Block Google QUIC".

- The certs "Default" and "SecurityAppliance_SSL_CA.pem" are installed on the PCs in the trusted root section.

 

Thanks in advance.