Exclude devices from https scan

Hello


After starting HTTPS decrypt and scan, I found out that it is no longer possible to download images inside WhatsApp. Does anyone know if there is some kind of setting to fix that, or if there is the possibility to exclude certain devices from the scan?


Thanks


Roger



  • Roger,

    Create an above policy rule where the policy is applied from your mobile devices to WAN and where SCAN and DECRYPT are disabled.

    Thanks.

  • Hi Luk


    Thanks for your answer. What do you mean by "above"? A rule at the top of the rules list?

    Is this the only way to fix that?

    Thanks

    Roger

  • Correct.

    The other option is to create a proper Web Filter and Application Filter where you allow WhatsApp and attach those filters to the mobile rule. Of course, the rule must be placed before the generic LAN to WAN rule.

  • Hi Luk

    Where can I find the appropriate ports etc. in the protocols to adjust the web filter?

    There are so many applications in the application filter that I haven't seen all of them. I guess since WhatsApp is that famous, it will also be in there.

    Why do you refer to LAN to WAN? I want to download the images from the Internet, shouldn't it be the other way around? I'm still having a hard time understanding the directions. Is there a good explanation somewhere?

    Thanks

    Roger

  • Roger,

    WhatsApp is inside the Application Filter. For apps that are not there, you need to wait for Sophos to add the application.

    Traffic goes LAN to WAN because clients request to surf the Internet (for example) on port 80, so a policy rule is needed from whoever requests the traffic to the destination.

    You can find many articles on the Internet about firewalls, and especially stateful firewalls, but networking and security is not a topic that can be learned "on try". So read and study.