
Infrastructure category

Hello All;

I have an issue with my Sophos XG firewall.

When I generate any report I find that there is a large amount of traffic related to a Category named "Infrastructure", and once I open it I find an Application/proto:port named "Secure Socket Layer Protocol".

I need to monitor this traffic to know which application generates it, and close or remove it if it is a harmful application.

My configuration is below:

- Sophos firmware: SFOS 17.5.8 MR-8

- I have one rule that allows HTTP and HTTPS only

- Web policy configured to allow all.

- Application policy configured to allow all.

- Checked "Scan HTTP", checked "Decrypt & scan HTTPS", checked "Block Google QUIC"

- The certificates "Default" and "SecurityAppliance_SSL_CA.pem" are installed on the PCs in the Trusted Root section.

Thanks in advance.

  • Secure Socket Layer is the HTTPS traffic, so all normal in your case. If you click on Secure Socket Layer Protocol, you will find the applications, users, firewall rules and all the data you need to understand whether the traffic is OK or not.

    Regards

  • Thanks for the reply.

    Even when I click on Secure Socket Layer Protocol to show the applications, it shows me an application technology named "Network Protocol", so I still couldn't determine which application's traffic to control.

  • Every menu is a drill-down menu, so you can click and click until you reach the IP, user and so on.

  • I have already done this, as below:

    > click on Category: Infrastructure

    > then click on Application/proto:port: Secure Socket Layer Protocol

    > then click on Technology: Network Protocol

    > then click on Host: <PC IP>

    > then click on User: Unidentified        ** unidentified because I applied the policy to IPs, not users, as I have not configured STAS yet

    Finally it shows me the destination countries and destination public IPs, so I still couldn't tell which application consumes this traffic.

  • Hi,

    I have the same issue, 680MB of Infrastructure. Possibly it will be cleaned up when the Apple fix is released and I can start scanning HTTPS again.

    ian