[FEEDBACK] SSL Decryption

Hello Sophos Community,

Firmware ver. 18 is coming.

I'll open up this topic because I would like to learn/find out what the best practice is to set up SSL Inspection Rules with the X-Stream DPI Engine.

Right now the test viruses over HTTPS get blocked at the firewall without triggering my Anti-Virus. (Nice)

All other applications run atm:

- Epic-Launcher
- Discord
- Steam
- Netflix (Browser-Edge[Chromium])

Excluded over Live-Log:
- SteamChat
- SteamDownloads (akamai)
- Netflix Video Delivery (nflxvideo)

Best regards
Eli.


Parents Reply
  • SSLx follows the first match process in finding a Rule.

    The matching criteria are all those fields in the rule. 

     

    For example: 

    Rule 3 One Client

    Rule 4 The Client Network

     

    Rule 3 will hit for traffic coming from your Client.

    Rule 4 will hit for all traffic coming from your client network, but not for the Client, because this traffic already matches Rule 3.

     

    In the Decryption Profile, you can block all unwanted stuff, if needed. 

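The first-match behaviour described in the reply above, as an added example that is not part of the original thread and not Sophos code: a small evaluator that picks the first rule matching a client, plus a check that flags rules which can never be hit because a broader rule sits above them. It models only the source field, and the addresses and action labels are constructed sample values.

```python
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class Rule:
    name: str
    source: str   # host or network in CIDR form (constructed sample value)
    action: str   # free-text label, constructed for this example


def first_match(rules, client_ip):
    """Return the first rule, top to bottom, whose source contains client_ip."""
    ip = ipaddress.ip_address(client_ip)
    for rule in rules:
        if ip in ipaddress.ip_network(rule.source):
            return rule
    return None


def shadowed(rules):
    """Return (later_name, earlier_name) pairs where an earlier rule's source
    fully covers a later rule's source, so the later rule is never reached."""
    found = []
    for i, later in enumerate(rules):
        later_net = ipaddress.ip_network(later.source)
        for earlier in rules[:i]:
            if later_net.subnet_of(ipaddress.ip_network(earlier.source)):
                found.append((later.name, earlier.name))
                break
    return found


# Constructed rule set mirroring the reply: the single client above its network.
RULES = [
    Rule("Rule 3 One Client", "192.168.10.25/32", "exclude"),
    Rule("Rule 4 The Client Network", "192.168.10.0/24", "decrypt"),
]

if __name__ == "__main__":
    for ip in ("192.168.10.25", "192.168.10.77"):
        print(ip, "->", first_match(RULES, ip).name)
    print("shadowed as ordered:", shadowed(RULES))
    print("shadowed if reversed:", shadowed(list(reversed(RULES))))
```

With the order reversed, the network rule takes the client's traffic first and the client-specific rule is reported as shadowed, which is why the narrower rule has to sit above the broader one.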