XG v18 EAP2 PRX / DPI FLAG not alight on the Firewall rules page??

Question

Can anyone help me out with my v18 EAP2 DPI HTTP & HTTPS decrypt and scan as ive followed the guide that has the table with the Web proxy & DPI engine setups on but ive got the HTTPS decryption running as its registering on the Control Centre but Ive not been able to get the PRX Flag on the Firewall rules to light up which it should be doing if its using the DPI engine and not the web proxy but ive not been able to get that Flag to light back up since i noticed it the other day but since lost it?? 
 Also with the DPI web engine on should I still be using an SSL/TLS rule or should the DPI engine work with only the default 2 that are originally there? Ive had to setup a rule with the same source and targets as the Firewall rule im using for the CC to show decrypt & scanning running? With those SSL rules setup will HTTPS traffic still be rencrypted the client side of XG once DPI has done its scanning? 
 I realise this is all still rather new but ive been trying to make use of the available documentation for EAP2 but im still not sure ive got my DPI engine setup right becuase im not seeing that PRX flag? 
 Thanks in advance!

shred · Accepted Answer

I was a little confused about this as well, but the PRX will be highlighted when you are using the web proxy. When you’re using the DPI engine, it will not be highlighted and the text next to it says “Use DPI engine”. Again, I think it’s a bit confusing as well as it doesn’t follow the logic of the other icons. It would really be more clear if there was a separate one labeled DPI and when the web proxy is not used, it says “Disabled” or “—“ next to PRX (same logic the other icons use).

---

Sophos XG guides for home users: https://shred086.wordpress.com/