Important note about SSL VPN compatibility for 20.0 MR1 with EoL SFOS versions and UTM9 OS. Learn more in the release notes.

Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 29 replies
  • Subscribers 44 subscribers
  • Views 9933 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

MALWARE AND CONTENT SCANNING

Regex

the course is saying that its recommended to use "Malware and content scanning" instead of "Filtering common web ports" So ive done some testing to check if malware will be blocked if i'll set only "malware and content scanning" unfortunately, files sended with no  problem. Ive attached screens from policy of FW rule and ssl/tls rule. Also ive added via Console non-standard port for https and ftp <- but ftp is a different story. 

 

 

BUT if im setting options below(screenshot) it does working. Tested malware are blocked and i can see it in the LOGS.



This thread was automatically locked due to age.
  • 0 in reply to Regex

    Roman on Fortigate you can scan: http, imap,pop3, smtp,smb,ftp and nntp.

  • 0 in reply to lferrara

    Vote the feature request I opened a couple of years ago:

  • 0 in reply to lferrara

    I can ensure you that not only. ^^ but other then that. Can you also help me with FTPS that isnt scanned by any of sophos engine ? very appreciate fo your spended time for my help :) FTP is setup on FTPS port 990 and im getting error SSL handshake timed out.. for both scanners dpi and webproxy

    __________SETUP___________

    HP Small Form Factor:  i5 4Cores, 8Gb of RAM.
    Intel Network Card 5x Eth
    SSD: 256Gb

  • 0 in reply to Regex

    If it is SFTP, you will need to decrypt the traffic first with XG in order to scan it.

    Also if you want FTP traffic to be scanned by XG, you will need to run the FTP server over the default port (21). XG is only port agnostic for HTTP traffic, if you run FTP over a non-standard port, It will not detect it as FTP, hence it will not scan it.

     

    Thanks!

    If a post solves your question use the 'Verify Answer' button.

    Ryzen 5600U + I226-V (KVM) v21 EAP @ Home

    Sophos ZTNA (KVM) @ Home

  • 0 in reply to Prism

    So if im using ftps on 21 xg will not scan it?

    __________SETUP___________

    HP Small Form Factor:  i5 4Cores, 8Gb of RAM.
    Intel Network Card 5x Eth
    SSD: 256Gb

  • 0 in reply to Regex

    No one is able to scan encrypted traffic, if your running FTPS you will need to decrypt it first with SSL/TLS Inspection rules.

     

    Just tested myself with FTPS, XG with the new TLS engine has able to decrypt it and scan over it's default port (990).

    NO, I has wrong, XG doesn't scan decrypted FTPS, on v18 your able to decrypt it but not scan it, incredible.

    If a post solves your question use the 'Verify Answer' button.

    Ryzen 5600U + I226-V (KVM) v21 EAP @ Home

    Sophos ZTNA (KVM) @ Home

  • 0 in reply to Prism

    Can someone open a support case?

    Of course a license is needed for that.

  • 0 in reply to Prism

    So i have to change the default port to 990. But other then that it will not scan it ;) BUG ?

    __________SETUP___________

    HP Small Form Factor:  i5 4Cores, 8Gb of RAM.
    Intel Network Card 5x Eth
    SSD: 256Gb

  • 0 in reply to Regex

    The default port of FTP (Plain-Text) is 21, the default port of FTPS (TLS Encrypted) is 990.

    Why XG isn't scanning the decrypted FTPS traffic? I don't know. It probably doesn't support it right now.

     

    It's better for you to wait for a answer from a Sophos Employee.

     

    Unknown said:
    So i have to change the default port to 990. But other then that it will not scan it ;) BUG ?

    XG doesn't recognize FTP or Decrypted FTPS on non-standard ports, if you can, run only on their default ports.

     

    Also the first issue you had with HTTPS traffic not being scanned with DPI - You need to create a Decrypt rule (LAN=>WAN) on the SSL/TLS Inspection tab. Or else it won't decrypt it.

     

    Thanks!

    If a post solves your question use the 'Verify Answer' button.

    Ryzen 5600U + I226-V (KVM) v21 EAP @ Home

    Sophos ZTNA (KVM) @ Home

  • 0 in reply to Prism

    In theory, with the new DPI, http/s traffic on whatever port the traffic is running, it should be decrypted.

    Here we are talking about FTPS service, which uses TLS but the service is FTP and not HTTP/S.

    could you clarify?

    Thanks

Unfiltered HTML