Thread Info
  • State Suggested Answer
  • +1 person also asked this people also asked this
  • Locked Locked
  • Replies 5 replies
  • Answers 1 answer
  • Subscribers 27 subscribers
  • Views 5001 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

SSL is always ON

Vincent Dziubalka

Hello, I have a problem with SSL scanning. i

I can not turn it off. I turned it off but it is still scanning.

 

I have only two firewall rules. SSL scanning and encryption is in both off.

 

Can someone help me?

 

Best regards

 

 

*****************************************German******************

 

Hallo,

 

ich habe folgendes Problem. SSL scannen ist ausgeschaltet. Trotz allem werden geblcokte Seiten,

z. B. möchte ich Facebokk blocken, weiterhin gescannt und mit dem Zertifikat der Firewall signiert.

 

Kennt jemand das Problem?

 

Viele Grüße und vielen Dank



This thread was automatically locked due to age.
  • 0

    Hi,

    please post screenshots of your firewall rules.

    Ian

  • 0

    Hello,

    here are two screenshots.

    The problem is, I want to block for example facebook, SSL scanning is in the firewall rule off. But Sophos is still scanning.

     

    If I block a website, is it always with SSL encryption and scanning so I cant turn it off?

     

    So here we can see, in the Firewall rule its off.

     

     

    The web rule works, but only with SSL encryption

     

     

    The web rule standard configuration......

     

    The section for HTTPS encryption uses the Security Apliance Certificate for scanning, but I cant find a checkbox to turn it off.

    So is it always on?

  • +1 in reply to Vincent Dziubalka

    Hi,

    I think you have a misunderstanding of scanning.

    The certificate you are wanting to turn off is actually showing what is the default certificate for your XG. It is used for mail etc.

    If you want to stop facebook you will need to enable https scanning and use web and application control. 

    If you don't have any firewall rules with https enabled then you are not scanning the web traffic.

    Please  post the log entries and screenshot showing that https scanning is still occurring.

    Ian

  • 0 in reply to rfcat_vk

    Hello,

     

    I think it is on because the facebook original certificate is exchanged with the sophos SSL certificate.

     

    So why changed the certificate if SSL scanning is off?

     

    If I disable the web rule, facebook has its own original certificate.

  • 0 in reply to Vincent Dziubalka

    Ahhh damm

     

    Sorry now I understand....