QUESTION - SSL/TLS policy order

I have created my own SSL/TLS policy which even though I selected top, it is third on the list. So the question is how do I make my specific policy the top policy so that like firewall rules the traffic flows down the policies until there is a match? The generic policies will always catch the specific traffic and my policy will never pass traffic.

I don't want to disable the generic policies because they are used in other places.

Ian

Parents

0 rfcat_vk over 5 years ago

Update, created all the rules again after a false start with s failed website. None of the SSL/TSL rules show any traffic. The firewall rule shows traffic.

Ian

XG115W - v20.0.2 MR-2 - Home

XG on VM 8 - v21 GA

If a post solves your question please use the 'Verify Answer' button.
Cancel
Vote Up 0 Vote Down

Sign in to reply

Verify Answer

Cancel
+1 LuCar Toni over 5 years ago in reply to rfcat_vk

Thats a known issue with the "none traffic shown in the Rule".

__________________________________________________________________________________________________________________
Cancel
Vote Up 0 Vote Down

Sign in to reply

Reject Answer

Cancel
0 Michael Dunn over 5 years ago in reply to LuCar Toni

You can drag reorder using the grabber on the left (left of the checkbox). This is the same as ordering firewall rules.

The two exception rules are always on top.

In EAP1 the TLS rules do not show any traffic. This is not a bug, it is feature not yet complete and is scheduled to come in a later EAP.
Cancel
Vote Up 0 Vote Down

Sign in to reply

Verify Answer

Cancel
0 Michael Dunn over 5 years ago in reply to Michael Dunn

Bandwidth will be in EAP3.
Cancel
Vote Up 0 Vote Down

Sign in to reply

Verify Answer

Cancel
0 rfcat_vk over 5 years ago in reply to Michael Dunn

Hi Michael,

thank you for those explanations.

I will be a little picky though, without data throughput being displayed I find debugging the rules very difficult eg which rule is passing the traffic, is the rule I setup working?

I am trying to use the SSL/TLS inspection on my IoT devices.

Ian

XG115W - v20.0.2 MR-2 - Home

XG on VM 8 - v21 GA

If a post solves your question please use the 'Verify Answer' button.
Cancel
Vote Up 0 Vote Down

Sign in to reply

Verify Answer

Cancel
0 Michael Dunn over 5 years ago in reply to rfcat_vk

I understand, and it is a an absolute must have for the final v18 product.

If you were part of the threads all asking for "when is v18 coming" you can understand that there is a push to get the EAP into the communities hands as quickly as possible, balanced against getting enough of the features done and the quality bar high enough. This was a feature that could go to EAP1 without as it is more about reporting and debugging.

I don't know if it helps, but the the Policy Tester has been updated to include all the SSL/TLS stuff (I think EAP1 has it). Its not real traffic, but it if you know what your traffic looks like it should work.
Cancel
Vote Up 0 Vote Down

Sign in to reply

Verify Answer

Cancel

Reply

0 Michael Dunn over 5 years ago in reply to rfcat_vk

I understand, and it is a an absolute must have for the final v18 product.

If you were part of the threads all asking for "when is v18 coming" you can understand that there is a push to get the EAP into the communities hands as quickly as possible, balanced against getting enough of the features done and the quality bar high enough. This was a feature that could go to EAP1 without as it is more about reporting and debugging.

I don't know if it helps, but the the Policy Tester has been updated to include all the SSL/TLS stuff (I think EAP1 has it). Its not real traffic, but it if you know what your traffic looks like it should work.
Cancel
Vote Up 0 Vote Down

Sign in to reply

Verify Answer

Cancel

Children

No Data