After moving from SFOS 21.0.1 MR-1-Build277 I noticed all web traffic is no longer being scanned by my outbound rule where I have "Scan HTTP and decrypted HTTPS" set. I have checked the outbound activities from specific IPs where the rule is applied and the client is seeing the Internet Cert for the actual site and not seeing the SOPHOS Appliance Cert as it was previously. I have attached the Web General settings, current activity log as well as the rule details showing the scan setting checked.
Is there now another setting to ensure the web traffic is being decrypted and scanned? Any help appreciated.
Hi Rick Dunn, thank you for contacting the Sophos community team. Please review the SSL/TLS inspection rules to confirm whether the rule action is set to decrypt or not.
If needed, please create a new rule for one machine with a decrypt action and validate the status, and if that works properly as per the requirement, then in the original rule, apply the decrypt action.
Apply HTTPS decryption
Regards,
Vishal Ranpariya
Technical Account Manager | Global Customer Experience
OK, it seems with this new version I had to create a new SSL/TLS inspection rule to enable decrypt, since the default rule is not editable and not set to decrypt. Once I added the new SSL/TLS rule with decrypt action and matched the FW rule to use, decryption is back where it was.
Thanks
Thanks, Rick Dunn, for the quick update, and glad to know that the provided suggestion helped you to fix the issue.
Regards,
Vishal Ranpariya
The box "Scan HTTP and Decrypted HTTPS" refers to "already decrypted HTTPS" by either the Proxy (you do not have the box selected on the right) or the TLS/SSL engine.
But you have selected "Decrypt connection and show block page", which basically means: if the firewall sees a website it should block, but it is an HTTPS site and you are not decrypting, we will still try to show the block page.
See here for more info: https://community.sophos.com/sophos-xg-firewall/f/recommended-reads/121482/sophos-firewall-https-decrypt-and-scan-faq#mcetoc_1hbv83qnp9