I am facing a strange error whereby there are no logs in the SSL/TLS inspection even though SSL inspection is enabled and Sophos is MiM'ing the TLS traffic. SSL traffic is successfully decrypted on the end client using a custom CA. Logging is enabled in the decryption rules but there is nothing in the log viewer.
The firewall rule that show - the "use web proxy instead of DPI engine" setting applies to port 80/443 traffic (e.g. transparent mode). If you are using standard/direct mode on port 3128 then it…
According to your ssl/tls rule there isn't any traffic being passed through it.
What does the firewall rule show for traffic passing through it?
XG115W - v19 GA - Home
1225v5 6gb ram, SSID, 4 NICs 20w - v19 EAP - on holiday.
If a post solves your question please use the 'Verify Answer' button.
All traffic goes from the internal network to Sophos, so I am using the LAN to LAN rule (internal hosts are using Sophos via the PAC file). The traffic is decrypted as part of the firewall rule, as I can see my custom cert as well as decrypted traffic.
That didn't answer my question, what does the firewall rule show for traffic? Also I assume all traffic is routed via a switch which is possibly bypassing the XG interfaces!
Ian
Not sure if that helps, but traffic from the internal client is going to the proxy (port 3128) and then the proxy is initiating the connection to port 80/443. I can't see any internal network traffic (except Sophos) reaching out directly to the websites on HTTP/HTTPS.
Running the policy test for HTTPS traffic, it seems that traffic is intercepted but "proxy not in use".
When you look at a firewall rule in the list it shows the traffic passed through that rule, that is what I am after.
Best if you provide a simple diagram of your network to help identify traffic flows.
10.1.0.84 ---- router/FW---- ISP modem---- Internet for all traffic except for port 443/80, which is going through the Sophos appliance (settings below for the Safari browser).
In the firewall settings, traffic from 10.1.0.84 to external IPs on port 443/80 is blocked and there is a separate rule to allow traffic from the Sophos appliance to the internet on the said ports.
Traffic seems to be correctly inspected as I can see the full URI of the encrypted traffic
That is not an XG configuration screen, that looks more like a PC type screen.
You have still not provided the information I asked for about the XG firewall rules.
As well, you are not using the proxy, the proxy box is not ticked.
Indeed the picture is from a browser, as mentioned in the post above. This is the only firewall rule enabled, which corresponds to the firewall logs provided earlier.
I have also enabled the "web proxy" option instead of DPI and this is the result of the policy test
So, you don't have a switch between your PC and the XG? So how do the other devices that you are trying to communicate with connect to the XG?
Changed the default gateway on the DHCP server to be the Sophos appliance and traffic is now decrypted. All web traffic is still going through the firewall rules as before.