
SSL/TLS inspection

Hi All

I am facing a strange error whereby there are no logs in the SSL/TLS inspection log even though SSL inspection is enabled and Sophos is MITM-ing the TLS traffic. SSL traffic is successfully decrypted on the end client using a custom CA. Logging is enabled in the decryption rules but there is nothing in the log viewer.

Thanks



  • According to your SSL/TLS rule there isn't any traffic being passed through it.

    What does the firewall rule show for traffic passing through it?

    Ian

    XG115W - v20 GA - Home

    XG on VM 8 - v20 GA

    If a post solves your question please use the 'Verify Answer' button.

  • All traffic goes from the internal network to Sophos, so I am using the LAN to LAN rule (internal hosts are using Sophos via the PAC file). The traffic is decrypted as part of the firewall rule, as I can see my custom cert as well as decrypted traffic.

  • Hi,

    that didn't answer my question: what does the firewall rule show for traffic? Also I assume all traffic is routed via a switch, which is possibly bypassing the XG interfaces!

    Ian

    XG115W - v20 GA - Home

    XG on VM 8 - v20 GA

    If a post solves your question please use the 'Verify Answer' button.

  • Not sure if that helps, but traffic from the internal client is going to the proxy (port 3128) and then the proxy is initiating the connection to port 80/443. I can't see any internal network traffic (except Sophos) reaching out directly to the websites on http/https.

    Running the policy test for HTTPS traffic, it seems that traffic is intercepted but "proxy not in use".




    [edited by: wingman at 9:37 AM (GMT -8) on 26 Nov 2021]
  • Hi,

    when you look at a firewall rule in the list it shows the traffic passed through that rule; that is what I am after.

    Best if you provide a simple diagram of your network to help identify traffic flows.

    Ian

    XG115W - v20 GA - Home

    XG on VM 8 - v20 GA

    If a post solves your question please use the 'Verify Answer' button.

  • 10.1.0.84 ---- router/FW ---- ISP modem ---- Internet for all traffic except for port 443/80, which is going through the Sophos appliance (settings below for the Safari browser)

    In the firewall settings, traffic from 10.1.0.84 to external IPs on port 443/80 is blocked and there is a separate rule to allow traffic from the Sophos appliance to the internet on the said ports.

    Traffic seems to be correctly inspected as I can see the full URI of the encrypted traffic

  • Hi,

    that is not an XG configuration screen, that looks more like a PC type screen.

    You have still not provided the information I asked for about the XG firewall rules.

    As well, you are not using the proxy; the proxy box is not ticked.

    Ian

    XG115W - v20 GA - Home

    XG on VM 8 - v20 GA

    If a post solves your question please use the 'Verify Answer' button.

  • Indeed the picture is from a browser, as mentioned in the post above. This is the only firewall rule enabled, which corresponds to the firewall logs provided earlier.

    I have also enabled the "web proxy" option instead of DPI and this is the result of the policy test

  • So, you don't have a switch between your PC and the XG? So how do the other devices that you are trying to communicate with connect to the XG?

    Ian

    XG115W - v20 GA - Home

    XG on VM 8 - v20 GA

    If a post solves your question please use the 'Verify Answer' button.

  • Changed the default gateway on the DHCP server to be the Sophos appliance and traffic is now decrypted. All web traffic is still going through the firewall rules as before.




    [edited by: wingman at 3:36 PM (GMT -8) on 27 Nov 2021]
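The thread turns on two separate facts: whether a client's TLS session is actually being re-signed by the firewall's custom CA, and whether that flow transits the appliance's rules at all (the fix was routing, not the decryption rule). The first fact can be checked from the client without reading the firewall logs. The script below is an added example, not code from the thread or from Sophos: it inspects the issuer of the leaf certificate a client receives and classifies the connection as inspected (signed by the custom CA) or direct (signed by a public CA). The CA organisation name, the CA file path and the sample certificate dicts are constructed placeholders.

```python
"""Client-side check: is this HTTPS flow really being decrypted on the path?"""
import socket
import ssl

# Organisation name carried in the issuer of certificates re-signed by the
# firewall's custom inspection CA. Constructed placeholder; substitute the
# name on the CA you deployed to your clients.
INSPECTION_CA_ORG = "Example Inspection CA"


def issuer_fields(cert):
    """Flatten the nested 'issuer' tuples of an ssl.getpeercert() dict."""
    fields = {}
    for rdn in cert.get("issuer", ()):
        for key, value in rdn:
            fields[key] = value
    return fields


def is_inspected(cert, ca_org=INSPECTION_CA_ORG):
    """True when the leaf certificate was signed by the inspection CA rather
    than a public CA, i.e. the session was terminated and re-signed on the
    path. An empty dict (chain not verified) counts as not inspected."""
    return issuer_fields(cert).get("organizationName") == ca_org


def fetch_peer_cert(host, ca_file, port=443, timeout=5.0):
    """Handshake with host and return the leaf certificate as a dict.

    The context trusts the OS store plus the inspection CA, so the handshake
    succeeds either way and getpeercert() is populated (it returns an empty
    dict when the chain was not verified, so CERT_NONE would not work here).
    ca_file is the PEM of your inspection CA (assumed path).
    """
    ctx = ssl.create_default_context()
    ctx.load_verify_locations(cafile=ca_file)
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.getpeercert()


def report(hosts, ca_file):
    """Map each host to 'inspected' or 'direct'; network errors are recorded as such."""
    results = {}
    for host in hosts:
        try:
            cert = fetch_peer_cert(host, ca_file)
            results[host] = "inspected" if is_inspected(cert) else "direct"
        except (OSError, ssl.SSLError) as exc:
            results[host] = f"error: {exc}"
    return results


# Constructed samples in the shape getpeercert() returns, for offline use.
SAMPLE_INSPECTED = {
    "subject": ((("commonName", "www.example.com"),),),
    "issuer": (
        (("countryName", "GB"),),
        (("organizationName", INSPECTION_CA_ORG),),
        (("commonName", "Example Inspection CA"),),
    ),
}
SAMPLE_DIRECT = {
    "subject": ((("commonName", "www.example.com"),),),
    "issuer": (
        (("organizationName", "Some Public CA"),),
        (("commonName", "Public CA R3"),),
    ),
}

if __name__ == "__main__":
    for name, cert in (("inspected sample", SAMPLE_INSPECTED),
                       ("direct sample", SAMPLE_DIRECT)):
        print(name, "->", "inspected" if is_inspected(cert) else "direct")
    # Live use: print(report(["www.example.com"], "/path/to/inspection-ca.pem"))
```

If a host comes back "direct" while the firewall has a decryption rule for it, the flow is not traversing that rule, which is exactly the situation in this thread: until the client's default gateway pointed at the appliance, port 443 traffic never crossed the interfaces the rule watches, so neither decryption nor logging could occur for it.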