I read the document with interest and noticed there was no mention of HTTP/2 support in the XG/XGS decryption profile. What is the Sophos way forward with this protocol to improve the security scanning on the XG/XGS?
HTTP/2, QUIC, etc. are of course of great interest to bigger providers like Google, Akamai, etc. They want to push this to decrease their output volume to a minimum.
In SFOS you can block QUIC and clients…
About the HTTP/2 part: As far as I know, most HTTP/2 protocols use TLS anyway. Therefore XGS can decrypt those protocols, but cannot pass them to the proxy. In the wild, I do find plenty of HTTP/2-based operations on firewalls, which indicates the fallback to HTTP/1.1 works fine.
Yes, I was referring to QUIC on HTTP/3.
DPI is again decryption on any service seen on the firewall. Nowadays you can do this on all ports and with TLS 1.3 etc. There are applications which were designed to work without any decryption, as at the point of app creation there was no such decryption product.
The DPI is completely separate from the firewall stack. You can trigger decryption and an app filter. You can trigger only app filter but no decryption. You can trigger only decryption but no app filter, etc.
The DPI will take the traffic first, decrypt it and pass it to the modules to do their job.
Thank you. I have been experimenting with SSL/TLS rules and so far have only broken two applications: one was fixed by enabling the web proxy; the other is video streaming, where I can't find why video fails to start. Nothing obvious in logviewer at this stage.
I have noticed that some of the applications I had to create special policies for are blocked in SSL/TLS scanning by categories. I suspect, though, that the site, when it gets its act together, will no longer be classified as a virus etc. source by Sophos.