XG firewall SSL inspection

Hi,

have you installed the XG CA on your PCs?

Ian

Hi rfcat_vk again :) Yes I have. The fact is the SSL certificate is not even resigned by Sophos.

Hi,

basically you are saying that the traffic never hits the rule.

Ian

Correct

What devices in your DMZ are using the web proxy for outgoing traffic?

If they are not hitting the rule how are they accessing the internet?

ian

Both two client PCs use web proxy for outgoing traffic, they all hitted the Firewall rule but not the SSL inspection rule

I have a web policy applied that will block certain website. When I browse the forbiddened url the certificates are signed by Sophos, but not for normal websites.

Check the policy test beside logviewer. Is the rule hitting as expected? 

Hi OrnChoi,

If you’re using web proxy, then traffic for ports 80 & 443 will be decrypted by the web proxy. SSL/TLS inspection rules will then be implemented only for web traffic over other ports.

Click here to find more information on 'SSLTLSInspectionRules'.

Thank you, I will try tomorow. 

Thank you, I will try tomorow.