How does a firewall identify an application when we have HTTPS

Hi Everyone,

We work with Sophos firewalls with several clients and I want to understand how the firewall identifies an application, since the application (example: OneDrive) uses HTTPS and the firewall rule which permits access to the internet DOES NOT HAVE HTTPS scanning enabled.

Thanks in advance,

Fernando Dias



This thread was automatically locked due to age.
  • Fernando,

    Fernando Dias1 said:
    We work with Sophos firewalls with several clients and I want to understand how the firewall identifies an application, since the application (example: OneDrive) uses HTTPS and the firewall rule which permits access to the internet DOES NOT HAVE HTTPS scanning enabled.

    To start TLS encryption, there must be a handshake of trust. That begins unencrypted. This happens by the OneDrive application connecting to a Microsoft or OneDrive website. OneDrive won't try to connect to Google Drive or to Amazon Cloud Storage to get this authentication. Sophos has already identified the applications, sites, protocols, and services required to make this work and has programmed this information into your firewall.

    After encryption communication is active, the headers of encrypted packets are unencrypted, so every switch, router, and gateway along the way can determine where to send the encrypted packets. This allows OneDrive data to flow properly between the client's computer and the client's OneDrive storage. Your firewall can still read these unencrypted headers whether Decrypt & Scan is on or off.

    Also, if you are integrating Intercept X or Endpoint Protection with your XG Firewall through Sophos Central, your IX and EPP are identifying the application and its communication to the firewall. The EPP can see the OneDrive app and its data before encrypting to send out and after decryption when received.
