Guest User!

You are not Sophos Staff.

Thread Info
  • State Suggested Answer
  • Locked Locked
  • Replies 1 reply
  • Answers 1 answer
  • Subscribers 29 subscribers
  • Views 415 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

DPI on port 80/443 category lookup as unknown

Jarod Pretender

Hello,

I'm currently using SFOS 18.5.2 MR-2-Build380
I noticed the same thing in SFOS 18.5.1 MR-1-Build326

When using the new DPI engine (with or without decryption does not matter)
I also see this on multiple devices with different OS (Windows, IOS, Android)

The log viewer (both web filter and ssl/tls inspection) is showing category as unknown.
The DPI 'case' we talk about is http (port 80) and of course https (443).

When using Web proxy all categories are detected fine.
Also the policy tester is giving the correct result (using DPI or Web Proxy).

This seems to be more than a log viewer issue because when using DPI and have a do not decrypt ssl/tls rule with a category (service=https) i have to add uncategorized. Seems more like a category lookup issue when using DPI...

I started from scratch (default config) and as simple as possible to confirm.

Allow all web categories, no IPS and Application rule Allow All
Still same issue...

Anyone any thoughts on this one?


Greetings,

Jarod



This thread was automatically locked due to age.
  • 0

    Hi,

    you will need the IPS because it is part of the classification process. DPI does not perform all the lookup functions that the proxy does so you do not get complete policies applied to firewall rules. That is one of the downsides of the DPI which is why  I use it on firewall rules with devices that I cannot install CA on.

    Ian