Thread Info
  • State Verified Answer
  • Locked Locked
  • Replies 101 replies
  • Subscribers 41 subscribers
  • Views 21068 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Sophos Firewall: v18.5 MR1: Feedback and experiences

LuCar Toni

V18.5 MR2: https://community.sophos.com/sophos-xg-firewall/b/blog/posts/sophos-firewall-v18-5-mr2-is-now-available

https://community.sophos.com/sophos-xg-firewall/f/discussions/131468/sophos-firewall-v18-5-mr2-feedback-and-experiences

Release V18.5 MR1 Post (326): https://community.sophos.com/sophos-xg-firewall/b/blog/posts/sophos-firewall-v18-5-mr1-is-now-available 

https://docs.sophos.com/releasenotes/index.html?productGroupID=nsg&productID=xg&versionID=18.5

EAP(318) Blog Post: https://community.sophos.com/sophos-xg-firewall/b/blog/posts/sophos-firewall-v185-mr1-eap

"Old" MR3 Thread: https://community.sophos.com/xg-firewall/f/discussions/123403/xg-firewall-v18-mr-3-feedback-and-experiences

"Old" MR4 Thread: https://community.sophos.com/sophos-xg-firewall/f/discussions/124771/xg-firewall-v18-mr-4-feedback-and-experiences

"Old" MR5 Thread: https://community.sophos.com/sophos-xg-firewall/f/discussions/127053/xg-firewall-v18-mr-5-feedback-and-experiences



MR2
[bearbeitet von: LuCar Toni um 7:43 AM (GMT -8) am 30 Nov 2021]
Parents Reply Children
  • 0 in reply to rfcat_vk

    You can turn It off if you want to.

    If a post solves your question use the 'Verify Answer' button.

    XG 115w Rev.3 8GB RAM v19.5 MR1 @ Home.

  • 0 in reply to Prism

    Sorry,,if you want to experiment without having the default exception list get in the road, you cannot turn it off. Turn it off disables SSL/TLS as well as the exception list.

    Ian

    XG115W - v19.5.1 mr-1 - Home

    If a post solves your question please use the 'Verify Answer' button.

  • 0 in reply to rfcat_vk

    You can turn off the default exclusion list since v18 EAP, even the managed local TLS exclusion list can be disabled.

    The only exclusion list you can't turn off is the hidden rule #0 for system exclusions. (Sophos domains.)

    DPI Engine will still work fine.

    If a post solves your question use the 'Verify Answer' button.

    XG 115w Rev.3 8GB RAM v19.5 MR1 @ Home.

  • 0 in reply to Prism

    Hi Prism,

    there is nowhere to disable the default ssl/tls exception list even if you do not select in your rule. Whereas in the web exception list you can disable an exception list.

    Ian

    XG115W - v19.5.1 mr-1 - Home

    If a post solves your question please use the 'Verify Answer' button.

  • 0 in reply to rfcat_vk

    You're looking at the wrong place.

    The picture you just sent are just the URL Groups that are use on the TLS exception, not the exceptions itself.

    Look again on the picture I've sent above.

    If a post solves your question use the 'Verify Answer' button.

    XG 115w Rev.3 8GB RAM v19.5 MR1 @ Home.

  • 0 in reply to Prism

    all that does is disable the rule not the exception list. If you review the web exception lists there are disable buttons, but the TLS list does not have the same feature.

    Ian

    XG115W - v19.5.1 mr-1 - Home

    If a post solves your question please use the 'Verify Answer' button.

  • 0 in reply to rfcat_vk

    Sorry Ian, i am still confused, what you mean. The URL Lists, you linked are used as "Websites" in TLS/SSL DPI. You cannot remove the Local URL List. But remove all others. You can create your own List and rules. 

    What exactly do you want to disable and why? 

    __________________________________________________________________________________________________________________

  • 0 in reply to LuCar Toni

    I was trying to test my own ssl/tls rule to see if I could replace the web proxy in some of my rules but failed because of the default list.

    ian

    XG115W - v19.5.1 mr-1 - Home

    If a post solves your question please use the 'Verify Answer' button.

  • 0 in reply to rfcat_vk

    We are overkilling this thread. Please create a new thread to discuss this issue. 

    __________________________________________________________________________________________________________________

Cookie Information Banner