Important note about SSL VPN compatibility for 20.0 MR1 with EoL SFOS versions and UTM9 OS. Learn more in the release notes.

Thread Info
  • State Suggested Answer
  • Locked Locked
  • Replies 4 replies
  • Answers 1 answer
  • Subscribers 41 subscribers
  • Views 760 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

No DPI for specific port

Regex

Hi.

I'm trying to figure out why DPI isnt working in my case. I think ive done all propelly -> FW rule and SSL/TLS rules. But still no traffic is inspected ;( 

Im using Qnap to host some services in this case its on 8443 port its ofcourse SSL.

Screenshots below.

FIRST FW RULE:

AND SSL/TLS

It works only when im using webproxy - but i wont ;)



This thread was automatically locked due to age.
Parents
  • 0

    You are using a DNAT Rule? Port 8443? 

    Then you try to Scan the reversed connection?

     

    Because your Firewall Rule is WAN to LAN - Indicating you are using DNAT.

    Your SSLx Rule will use LAN to WAN Port 8443. 

     

    SSLx will not be activated for WAN to LAN Traffic. If the connection was built by WAN to LAN, the back Packets will not be inspected. 

    __________________________________________________________________________________________________________________

  • 0 in reply to LuCar Toni

    That is a bad message ;( so there is no solution to decrypt it ? Weird is that when i switch to not use DPI but webproxy it works.. tested malwares are blocked ;)

    __________SETUP___________

    HP Small Form Factor:  i5 4Cores, 8Gb of RAM.
    Intel Network Card 5x Eth
    SSD: 256Gb

  • 0 in reply to Regex

    Roman,

    this is the expected behaviour. You can mitigate layer 7 attacks (http/s only) by using WAF instead of a DNAT rule.

  • 0 in reply to lferrara

    So your sugestion is to use WAF instead of DNAT. ? if so ill try to use it ;)

    __________SETUP___________

    HP Small Form Factor:  i5 4Cores, 8Gb of RAM.
    Intel Network Card 5x Eth
    SSD: 256Gb

Reply Children
No Data
Unfiltered HTML