Has Encryption Made Your Current Firewall Irrelevant? Latest from Sophos about decryption on XG/XGS

Hi folks,

I read the document with interest and noticed there was no mention of HTTP/2 support in the XG/XGS decryption profile. What is the Sophos way forward with this protocol to improve the security scanning on the XG/XGS?

Ian



Edited TAGs
[edited by: emmosophos at 3:29 PM (GMT -7) on 30 Aug 2021]
  • About the HTTP/2 part: As far as I know, most HTTP/2 protocols use TLS anyway. Therefore XGS can decrypt those protocols, but cannot pass them to the proxy. In the wild, I have found plenty of HTTP/2-based operations on firewalls, which indicates that the fallback to HTTP/1.1 works fine.

    Yes, I was referring to QUIC on HTTP/3.

    DPI is again a decryption on any service seen on the firewall. Nowadays you can do this on all ports and with TLS 1.3 etc. There are applications which were designed to work without any decryption, as at the point of app creation there was no such decryption product.

    The DPI is completely separate from the firewall stack. You can trigger decryption and an app filter. You can trigger only the app filter but no decryption. You can trigger only decryption but no app filter, etc.

    The DPI will take the traffic first, decrypt it and pass it to the modules to do their job.


  • Thank you. I have been experimenting with SSL/TLS rules and so far have only broken two applications: one was fixed by enabling the web proxy; the other is video streaming, where I can't find why video fails to start. Nothing obvious in logviewer at this stage.

    I have noticed that some of the applications I had to create special policies for are blocked in SSL/TLS scanning by categories. I suspect, though, that the site, when it gets its act together, will no longer be classified as a virus etc. source by Sophos.

    Ian

     
    V18.5.x - e3-1225v5 6gb ram with 4 ports - 20w. 