
Sophos HTTPS Scanning and Unifi APs

Hello, hoping someone can help. I am wanting to enable HTTPS scanning on the network but running into a problem when users connect to our guest wifi through the use of connected Unifi APs. Do I need to set up the Sophos XG certificate within that system in order for users to browse the internet successfully?

Thanks

  • Hi,

    SophosNewby said:
    I am wanting to enable HTTPS scanning on the network but running into a problem when users connect to our guest wifi through the use of connected Unifi APs. Do I need to set up the Sophos XG certificate within that system in order for users to browse the internet successfully?

    Are you on v17.5 or v18?

     

    You should enable HTTPS Decryption only on devices where you can install the certificate authority from XG. Your best bet is to assign a static IP with XG DHCP to the devices that have the certificate installed and create clientless users for them, so you can create rules and policies for HTTPS Decryption only on those devices. That way, it doesn't bring issues for the rest of the network, or for the devices that don't have the certificate installed.

     

    Also, you should never decrypt traffic from your guest network, primarily because it won't be possible, since any device would not trust your certificate.

     

    Also, about:

    SophosNewby said:
    Do I need to set up the Sophos XG certificate within that system in order for users to browse the internet successfully?

    No, on v17.5 all you need to do is enable Web Proxy; there's no need to decrypt the traffic to allow a device to connect to the internet.

    While just proxying the connection, you will still be able to block HTTPS traffic by categories and URL groups with the desired Web Policy.

     

    Thanks!