Thread Info
  • State Suggested Answer
  • +2 person also asked this people also asked this
  • Locked Locked
  • Replies 12 replies
  • Answers 1 answer
  • Subscribers 42 subscribers
  • Views 17364 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Has Encryption Made Your Current Firewall Irrelevant? Latest from Sophos about decryption on XG/XGS

rfcat_vk

Hi folks,

I read the document with interest and noticed there was no mention of HTTP/2 support in the XG/XGS decryption profile. What is the Sophos way forward with this protocol to improve the security scanning on the XG/XGS?

Ian



This thread was automatically locked due to age.
  • 0 in reply to Prism

    About the HTTP/2 part: As far as i know, most HTTP/2 Protocols uses TLS anyways. Therefore XGS can decrypt those protocols, but cannot pass them to the proxy. In the wild, i do found plenty of HTTP/2 based operations, on firewalls, which indicates, the fallback to HTTP/1.1 works fine. 

    Yes, i was referring to QUIC on HTTP/3. 

    DPI is again a decryption on any service, seen on the firewall. Nowadays you can do this on all ports and with TLS1.3 etc. There are applications, which were designed to work without any decryption, as on that point of app creation, there was no such product of decryption. 

    The DPI is completely separate from the firewall stack. You can trigger decryption and a app filter. You can trigger only appfilter but no decryption. You can trigger only decryption but no app filter etc. 

    The DPI will take the traffic first, decrypt it and pass it to the modules to do there job. 

    __________________________________________________________________________________________________________________

  • 0 in reply to LuCar Toni

    Thank you. I have been experimenting with SSL/TLS rules and so far only broken two applications, one was fixed by enabling the web proxy the other is video streaming which I can't find why video fails to start. Nothing obvious in logviewer att his stage.

    I have noticed that some of the applications I had to create special policies for are blocked in SSL/TLS scanning by categories. I suspect though the site when it gets its act together will no longer be classified a virus etc source by Sophos.

    Ian

    XG115W - v20 GA - Home

    XG on VM 8 - v20 GA

    If a post solves your question please use the 'Verify Answer' button.

Unfiltered HTML