Selective HTTPS decrypt

I'm a new XG customer on 17.1.2 coming from a competitor UTM.  I'm trying to set up HTTPS decrypt & scan and it works...but with some caveats.  I've got users claiming they can't download attachments from their email (G-Suite).  I also don't care to decrypt ALL traffic.  I'm in an EDU environment, so I really only care about Search Engines and maybe social networking.  

This is a little bit backwards from what I'm used to, but am I right in assuming the best way to accomplish this would be to create an exception and include all website categories in that exception other than search engines (i.e. attached)?  What's the best way in general to accomplish this?  Most traffic is HTTPS nowadays and I don't need to decrypt it all.



This thread was automatically locked due to age.
  • Hello

    I have never been able to make this function properly simply because web sites are very poorly categorized in real life.  For example, while I was testing it, "www.intel.com" was categorized as "unreliable download file site" (or something like this) instead of something more realistic and meaningful.  You would check the day after, and categorization had changed.  The answer I got from Sophos was that web site categorization was based on users' requests.  Which makes the whole thing collapse.  If web sites like "www.ibm.com" can be re-categorized by a few hundred users' requests, categorization becomes very unreliable and dangerous.  It could be manipulated by just anyone out there.

    It will grind hundreds of your precious hours.  Forget it, it does not work as it is.

    Paul Jr

  • Hi Paul.

    I understand that you are still upset that downloadcenter.intel.com was categorized as "Download Freeware and Shareware" but I think it is wrong to say that all categorization is poor or changes randomly.  I maintain that categorizing the downloadcenter as a download site is valid - even if you had a rule to block "Download Freeware and Shareware".  The people doing the categorization do look at user requests and then make an informed decision on what the most appropriate category is.  In this case, they agreed with you and switched it to what the rest of intel.com is - Information Technology.

    We are continuing to work on the quality of the categorization.  This will be a never-ending task.  However, categorization currently doesn't make it to anyone's list of top customer issues.

  • Forget what exactly?  HTTPS decrypt altogether?

  • I'd agree.  Never had a real issue with categorization.  It's actually more accurate than my previous UTM and some cloud-based alternatives I've used.  Occasionally I'll see a site categorized as shareware that I have to whitelist.  But I'd rather be safe than sorry and whitelist as needed.

  • Michael ... It is not only one site that behaves like this.  Our Purchasing Manager had to go to major suppliers' web sites, like Parker, US Motors, Schneider Electric, Siemens, Sumitomo, etc. Very large suppliers.  He would come upstairs many times a day.  Our bank - which has hundreds of thousands of users - was categorized "Job Search". Our drafting department, where they have to download drawings on customers' web sites (Large General Contractors), was failing all of the time. It was like this days in, days out.  Users knocking at my door for yet another exception.

    This method of letting users rate websites and then assuming it is safe is just crap in a working environment.