Potential Zero Day Protection issue when using SSL VPN

I have just set up an SSL VPN, and am able to connect and browse the internet fine. I have been doing some tests against the various features but I cannot seem to trigger a malware alert when my device is connected to the SSL VPN. 

If I visit the eicar.org site and try to download the test file, I am allowed to download it. If I disconnect from the SSL VPN and tunnel through the XG over my LAN, then I get diverted to the block page successfully.

The firewall logs indicate that the VPN traffic is hitting the correct Firewall rule. Web content filtering is also working over VPN, but AV detection isn't.

Anybody else experiencing this?

  • Currently eicar.org only delivers the test payload over HTTPS (encrypted connection).

    If you want the Firewall to be able to detect the test file you will also need to create a TLS Decrypt Rule for the SSL VPN User.

    Since the AV triggers and blocks while you're on the LAN network, it's probably because you're already decrypting the traffic from the LAN client - while on the VPN client you don't have a policy to decrypt TLS traffic.


    If a post solves your question, use the 'Verify Answer' button.

    Ryzen 5600U + I226-V (KVM) v20 GA @ Home

    XG 115w Rev.3 8GB RAM v19.5 MR3 @ Travel Firewall

  • Thanks so much for your response. I checked my TLS inspection rule and had overlooked adding VPN to the source zones (I only had LAN enabled), which explains everything. Working now - thanks for the pointer!
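The behaviour described in the answer above and confirmed in the follow-up (AV only sees an HTTPS payload if a TLS decryption rule matching the flow's source zone has decrypted it) can be modelled with a small policy evaluator. This is an added example, not Sophos code or anything from the thread; the rule and flow structures, the zone names and the `uncovered_zones` check are assumptions made for illustration, and the EICAR test string is the standard harmless test signature.

```python
"""Toy model (constructed for this example) of the inspection path the
thread describes: HTTPS bodies reach the AV engine only when a TLS
decryption rule whose source zones include the flow's zone has applied."""
from dataclasses import dataclass

# Standard EICAR anti-virus test signature (harmless by design).
EICAR = rb"X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*"


@dataclass(frozen=True)
class DecryptRule:
    name: str
    source_zones: frozenset  # zones whose traffic this rule decrypts


@dataclass(frozen=True)
class Flow:
    source_zone: str  # e.g. "LAN" or "VPN" (hypothetical zone names)
    scheme: str       # "http" or "https"
    body: bytes       # payload as the server sent it


def is_decrypted(flow, rules):
    """Cleartext HTTP needs no rule; HTTPS needs a matching decrypt rule."""
    if flow.scheme == "http":
        return True
    return any(flow.source_zone in r.source_zones for r in rules)


def av_verdict(flow, rules):
    """'not-scanned' means the AV engine only ever saw ciphertext."""
    if not is_decrypted(flow, rules):
        return "not-scanned"
    return "blocked" if EICAR in flow.body else "allowed"


def uncovered_zones(rules, zones_in_use):
    """Zones that carry user traffic but match no decryption rule."""
    covered = set().union(*(r.source_zones for r in rules)) if rules else set()
    return sorted(z for z in zones_in_use if z not in covered)


# The misconfiguration from the thread: only LAN in the decrypt rule.
LAN_ONLY = [DecryptRule("inspect-web", frozenset({"LAN"}))]
# The fix: VPN added to the same rule's source zones.
LAN_AND_VPN = [DecryptRule("inspect-web", frozenset({"LAN", "VPN"}))]
EICAR_OVER_HTTPS_FROM_VPN = Flow("VPN", "https", EICAR)
```

Running `uncovered_zones(LAN_ONLY, {"LAN", "VPN"})` is the quick check that would have exposed the gap before testing with the EICAR download.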