This discussion has been locked.

Infrastructure category

Hello All;

I have an issue with my Sophos XG firewall.

When I generate any report, I find that there is a lot of traffic related to a category named "Infrastructure", and once I open it I find an Application/proto:port named "Secure Socket Layer Protocol".

I need to monitor this traffic to know which application generates it, and close or remove it if it is a harmful application.

 

My configuration is below:

- Sophos firmware: SFOS 17.5.8 MR-8

- I have one rule that allows all HTTP and HTTPS only.

- Web policy configured to allow all.

- Application policy configured to allow all.

- Checked "Scan HTTP", checked "Decrypt & scan HTTPS", checked "Block Google QUIC".

- The cert "Default" and "SecurityAppliance_SSL_CA.pem" are installed on the PCs in the trusted root section.

 

Thanks in advance.

 



  • Every menu is a drill-down menu so you can click and click until the IP, user and so on.

  • I have already done this as below

    > click on Category : Infrastructure

    > then click on Application/proto:port : Secure Socket Layer Protocol

    > then click on Technology : Network Protocol

    > then click on Host : <PC IP>

    > then click on User : Unidentified        **undefined because I applied the policy on IPs, not users, as I have still not configured STAS

    Finally it shows me the destination countries and destination public IP, so I still couldn't tell which application consumes this traffic.

     

     

     

  • Hi,

    I have the same issue, 680MB of infrastructure. Possibly will be cleaned up when the Apple fix is released and I can start scanning https again.

    ian