HOW TO: Unblock Ring doorbell app when Sophos XG is using SSL/TLS decryption

Hi

In case it helps anyone trying to use the Ring doorbell App behind an XG when SSL/TLS decryption is enabled, you will need to add a custom SSL/TLS inspection rule.

Ports used by the Ring device are here: The Protocols and Ports Used by Ring Devices – Ring Help

Add a new Service (Hosts & Services / Services / Add) which includes TCP ports 9998, 9999, 15063 and 15064.

Add a new SSL/TLS inspection rule to "Top" (Rules and Policies / SSL/TLS inspection rules / Add).

Action: Don't decrypt

Source zones: as required

Destination zones: WAN

Services: your new Service

RING will not tell you the destination URLs or IP addresses used by their apps. Not helpful.
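
As an added illustration (not from the original post and not Sophos code), this Python model of top-down, first-match rule evaluation shows why the exemption is placed at "Top" and what a port-only match lets through. The host addresses, rule names and the `sources` field are constructed for the example.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

RING_PORTS = frozenset({9998, 9999, 15063, 15064})  # TCP ports listed in the post

@dataclass(frozen=True)
class Rule:
    name: str
    action: str                        # "decrypt" or "dont_decrypt"
    sources: tuple = ("0.0.0.0/0",)    # assumption: source scope modelled as networks
    ports: frozenset = frozenset()     # empty set means any destination port

    def matches(self, src: str, dport: int) -> bool:
        in_scope = any(ip_address(src) in ip_network(net) for net in self.sources)
        return in_scope and (not self.ports or dport in self.ports)

def decide(rules, src, dport):
    """Return (rule name, action) of the first matching rule, evaluated top down."""
    for rule in rules:
        if rule.matches(src, dport):
            return rule.name, rule.action
    return "no-match", "no-match"

# Constructed hosts and rules for the example.
DOORBELL, LAPTOP = "192.168.1.50", "192.168.1.20"
DECRYPT_ALL = Rule("decrypt-all", "decrypt")
RING_ANY = Rule("ring-exempt", "dont_decrypt", ports=RING_PORTS)
RING_SCOPED = Rule("ring-exempt-scoped", "dont_decrypt",
                   sources=(DOORBELL + "/32",), ports=RING_PORTS)

RULESETS = {
    "exempt below decrypt-all": [DECRYPT_ALL, RING_ANY],
    "exempt at top, any source": [RING_ANY, DECRYPT_ALL],
    "exempt at top, Ring host only": [RING_SCOPED, DECRYPT_ALL],
}

def report():
    """Tabulate the decision for each rule set and each sample flow."""
    flows = [("doorbell", DOORBELL, 9999), ("laptop", LAPTOP, 9999), ("laptop", LAPTOP, 443)]
    return {(label, host, port): decide(rules, src, port)
            for label, rules in RULESETS.items() for host, src, port in flows}

if __name__ == "__main__":
    for key, (name, action) in report().items():
        print(key, "->", action, "via", name)
```

With the port-only rule at the top, every host in the selected source zones reaches those four ports undecrypted, so scoping the rule's source to the devices that run Ring keeps the exemption as small as the setup allows.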



  • Hello Jeremy, 

    Thank you for your contribution to the Community!

    ""In case it helps anyone trying to use the Ring doorbell App behind an XG when SSL/TLS decryption is enabled, you will need to add a custom SSL/TLS inspection rule.

    Ports used by the Ring device are here: The Protocols and Ports Used by Ring Devices – Ring Help

    Add a new Service (Hosts & Services / Services / Add) which includes TCP ports 9998, 9999, 15063 and 15064.

    Add a new SSL/TLS inspection rule to "Top" (Rules and Policies / SSL/TLS inspection rules / Add).

    Action: Don't decrypt

    Source zones: as required

    Destination zones: WAN

    Services: your new Service""


     
    Emmanuel (EmmoSophos)
    Technical Team Lead, Global Community Support