SSL inspection migrate from Fortinet to Sophos XG

Hello,

On Sopohs XG It works in the same way, you can choose between decrypting the entire connection or just analyzing the Certificate.

By default on v18 the DPI Engine is always checking all TLS connection and It's certificates, if you create a Web Policy for your users, It will automatically enforce It on both HTTP & TLS Connections, over all ports & applications. *Depends on how you configure the Firewall Rule.

Another thing, you can enforce anything you want on the TLS Session (By creating Don't Decrypt Rules), such as blocking TLS 1.0 or TLS 1.1, or even blocking insecure ciphers without having to decrypt the connection (Import a certificate)

You can check more information about this, at the Docs.

Thanks!

Hello,

On Sopohs XG It works in the same way, you can choose between decrypting the entire connection or just analyzing the Certificate.

By default on v18 the DPI Engine is always checking all TLS connection and It's certificates, if you create a Web Policy for your users, It will automatically enforce It on both HTTP & TLS Connections, over all ports & applications. *Depends on how you configure the Firewall Rule.

Another thing, you can enforce anything you want on the TLS Session (By creating Don't Decrypt Rules), such as blocking TLS 1.0 or TLS 1.1, or even blocking insecure ciphers without having to decrypt the connection (Import a certificate)

You can check more information about this, at the Docs.

Thanks!

Great reply, thanks ! :)