
After decrypt and scan HTTPS enabled;

Hi community,

 

I'd like to scan secure socket layer with non secure layer for web access (http&https).
After deployment of certificates to clients, web browsing is filtered successfully.

But a problem appears with applications.
All applications that use SSL are not working on Windows computers. For example, remote apps like LogMeIn, TeamViewer.
And apps on phones.

 

A bit confused on this situation.
Is there another or proper way to filter ssl connections for apps rather than web browsers?



This thread was automatically locked due to age.
  • FormerMember

    Hi  

    Thank you for reaching out to the Community! 

    For application generated traffic, please review the following KBA to bypass the domain or website required for the application: Sophos XG Firewall: How to bypass the web proxy in Transparent Mode.

    Check out the following document for more information on HTTPS scanning: HTTPS Decrypt and Scan FAQ.

    Thanks,

  • In Windows, most applications will trust the CAs that are installed and trusted by the OS.  This is the same as the one in IE11/Edge.  Firefox has its own certificate store.

    If you can browse to web locations in IE with no warnings and HTTPS being decrypted, most applications should work.

    Some apps - especially ones that try to detect if they are inside your network or outside - try to contact servers using several methods and expect them to fail in specific ways, but XG's block/error pages change that behavior in ways they do not like.  Go to Web > General Settings and select "Drop connections without a user notification".  See if that improves things.

    There are one or two apps (Snapchat?) that do not like Pharming Protection.  You can try turning that off.

    You can create an exception to HTTPS decryption for specific destinations that certain applications use that just don't seem to be happy when decrypted.