
Exclude urls/ips/domainpattern from SSL Scan not working (whatsapp)

Hi,

How could I exclude URLs/IPs like *.whatsapp.* or 50.22.19.0/24 from SSL scanning?

All excludes in the "HTTPS Scanning Exceptions" seem not to work - just tried with these IPs.

https://198.23.87.74

Only Image transfer is not working with SSL Scan enabled.

Jens



  • Workaround for WhatsApp because you can't use masks/patterns:

    Download WhatsApp cidr: www.whatsapp.com/cidr.txt

    Expand all networks to full IPs:

    # Expand every CIDR block in cidr.txt; the redirect sits on the loop so each block is kept
    while read -r p; do
    prips "$p"
    done < cidr.txt > longiplist.txt

    Split the list into 2 lists with fewer than 2000 IPs each and create 2 new "Web Categories":
    Protection > Web Protection > Web Categories

    WhatsApp-Part1-IPs, WhatsApp-Part2-IPs

    Exclude these 2 "Web Categories" in the "Web Content Filter" configuration - "HTTPS Scanning Exceptions"
    Protection > Web Protection > Web Content Filter -> HTTPS Scanning Exceptions

    That's it.
    But only direct access to the IPs is now excluded from the HTTPS scanning engine.
    https://www.whatsapp.com still goes through the SSL-Proxy.

    Not a solution - but a first workaround

    Jens
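
The expand-and-split steps of the workaround above, as an added example that is not part of the original post: it expands IPv4 CIDR lines, drops duplicates from overlapping ranges, and splits the result into lists of fewer than 2000 IPs named like the post's Web Categories. The sample ranges are constructed and the function names are hypothetical; the split generalizes to however many lists are needed.

```python
import ipaddress

MAX_PER_LIST = 1999  # the post keeps each list under 2000 IPs

# Constructed sample input standing in for cidr.txt (not real WhatsApp ranges).
SAMPLE_CIDRS = [
    "# constructed example ranges",
    "198.51.100.0/24",
    "203.0.113.0/24",
    "192.0.2.0/24",
    "192.0.2.128/25",   # overlaps the /24 above; must not produce duplicates
    "10.10.0.0/21",
    "2001:db8::/32",    # IPv6: skipped, far too large to enumerate
    "",
]


def expand_cidrs(lines):
    """Expand IPv4 CIDR lines into a sorted, de-duplicated list of addresses."""
    seen = set()
    for raw in lines:
        entry = raw.split("#", 1)[0].strip()
        if not entry:
            continue  # blank line or comment
        # A malformed entry raises ValueError so a bad list is noticed, not ignored.
        net = ipaddress.ip_network(entry, strict=False)
        if net.version != 4:
            continue
        seen.update(net)  # every address in the block, network and broadcast included
    return [str(ip) for ip in sorted(seen)]


def split_into_categories(ips, prefix="WhatsApp", limit=MAX_PER_LIST):
    """Return {category name: [ips]} with at most `limit` entries per category."""
    chunks = [ips[i:i + limit] for i in range(0, len(ips), limit)]
    return {f"{prefix}-Part{n}-IPs": chunk for n, chunk in enumerate(chunks, 1)}


if __name__ == "__main__":
    categories = split_into_categories(expand_cidrs(SAMPLE_CIDRS))
    for name, ips in categories.items():
        # One file per Web Category, one IP per line, ready to paste or import.
        with open(f"{name}.txt", "w") as fh:
            fh.write("\n".join(ips) + "\n")
        print(f"{name}: {len(ips)} IPs ({ips[0]} .. {ips[-1]})")
```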