
SSL/TLS Rules

Hi,

I was watching the customer course. I saw that in the SSL/TLS rules section the learner could set WAN as a source port. So I logged in to my XG and checked again if I can either. But nope, I can't set WAN as a source interface. Pls see the screenshots below.

Screen from course:

And screen from my XG:

Can you pls check how it is on your XGs? Is it a bug or what?



This thread was automatically locked due to age.
  • Roman,

    It is not a bug. Probably the course was taken during the XG beta version. Since the TLS traffic XG analyses is from LAN or any other zone (except for WAN) going to other zones (in most cases the target zone is WAN), what you have on XG v18 GA is correct.

    Please send an email to globaltraining with the screenshot.

    Regards

  • Thank you for the answer. So how is traffic from WAN inspected if I can't select WAN as a source? Scenario: I'm uploading some malware files to my server to check if AV is working, and they upload with no virus detected. Any clue for that?

    __________SETUP___________

    HP Small Form Factor:  i5 4Cores, 8Gb of RAM.
    Intel Network Card 5x Eth
    SSD: 256Gb

  • Roman,

    When you download or upload something, the initial request comes from your PC and not vice versa. So the source is the LAN and not the WAN.

  • The course is saying that it's recommended to use "Malware and content scanning" instead of "Filtering common web ports". So I've done some testing to check if malware will also be blocked if I set only "Malware and content scanning". Unfortunately, the files were sent with no problem. I've attached screens of the FW rule policy and the SSL/TLS rule. Also, I've added via Console a non-standard port for HTTPS and FTP <- but FTP is a different story.

     

     

    Regarding your answer "when you download or upload something, the initial request comes from your pc and not vice versa. So the source is the LAN and not the WAN."
    If I'm using a PC outside of my LAN (home), the connection is initialized by my PC, not by my server which is located at home. So the traffic comes from WAN <-- where it was initialized. Or am I wrong?

    I appreciate your help :)


  • Roman, this is a different story than the issue you reported in this thread.

    Please open a new thread and I will reply there.

    Regards

  • Big thanks. Lastly for that thread:

    Regarding your answer "when you download or upload something, the initial request comes from your pc and not vice versa. So the source is the LAN and not the WAN."
    If I'm using a PC outside of my LAN (home), the connection is initialized by my PC, not by my server which is located at home. So the traffic comes from WAN <-- where it was initialized. Or am I wrong?

     
