Guest User!

You are not Sophos Staff.

Thread Info
  • State Suggested Answer
  • Locked Locked
  • Replies 5 replies
  • Answers 1 answer
  • Subscribers 26 subscribers
  • Views 672 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Some web policy exceptions automatically disabled after migration from V17 to V18.

FormerMember
FormerMember

I recently upgraded my V17 XG installation to V18 and noticed some of my added Web Policy Exceptions have been automatically disabled after the upgrade. This also includes some of the exceptions that were added by default in V17, such as Apple and Microsoft Update. I also noticed that a couple of my custom exceptions were disabled, such as one I added for Kaspersky Update. Is this expected behavior? If it is could someone be kind enough to fill me in as to why this is occurring and if re-enabling those exceptions will have any potential side effects? Thanks.



This thread was automatically locked due to age.
Parents
  • 0

    Hi,

    you might check the exception list in the SSL/TLS policies to self they have been added there.

    Ian

  • FormerMember
    0 FormerMember in reply to rfcat_vk

    Thanks rfcat_vk I'll be sure to take a look at that. Do you think there would be any potential side effects from re-enabling those exceptions should they also be in the SSL TLS exception list? I have a handful I re-enabled after the migration as part of my post install checks and I'm not sure I'd exactly recall which were disabled in order to disable them again. I'm assuming that the SSL TLS policy takes priority over web policy though I'm not sure. I'll know more once I take a closer look, but I'm curious if XG only needs to see one domain matching in a policy exception to disable the whole group or if all domains added in the given web exception must also be present in the SSL TLS exception for it to be disabled? Thanks again.

  • 0 in reply to FormerMember

    Hi,

    there should not  have been any changes to your exceptions in general because the SSL/TLS also uses that exception list. I see some of my exceptions have been disabled, but a new version was installed.

    If you are using the web proxy then you should enable your exceptions.

    SSL/TLS inspection is part of the DPI. Web proxy is seperate to DPI and does not take priority, rule order sets the priority.

    Ian

  • FormerMember
    0 FormerMember in reply to rfcat_vk

    Thanks for the information Ian I appreciate it. In V17 I did use web proxy but have disabled it in V18 to take advantage of DPI's feature-set. I don't think any of my policies that were disabled were replaced with new versions that I could see but I could have easily missed them, so I will have take another look. V18 is a fair departure from V17 so I'm still learning its intricacies. Thanks for your time.

Reply
  • FormerMember
    0 FormerMember in reply to rfcat_vk

    Thanks for the information Ian I appreciate it. In V17 I did use web proxy but have disabled it in V18 to take advantage of DPI's feature-set. I don't think any of my policies that were disabled were replaced with new versions that I could see but I could have easily missed them, so I will have take another look. V18 is a fair departure from V17 so I'm still learning its intricacies. Thanks for your time.

Children