Guest User!

You are not Sophos Staff.

Thread Info
  • State Suggested Answer
  • Locked Locked
  • Replies 1 reply
  • Answers 1 answer
  • Subscribers 27 subscribers
  • Views 1673 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

SSL traffic over NON-SSL ports

Moeed Aziz

Hello,

I have an online portal from one of our partners which uses port 5443. The traffic to this site is being denied by application filter on account of "SSL Traffic over Non SSL Ports"

Allowing this specific application under the category Infrastructure solves the issue.

But, is that advisable? Isn't there a way to allow this specific site or IP address to be exempted from such blockage, rather than allowing all applications that are sending SSL traffic over Non SSL ports?

i have tried the "Local TLS exclusion list" in URL group that refers to SSL/TSL exception rules but that did not work.

Any help will be highly appreciated.



This thread was automatically locked due to age.
Parents
  • 0

    Hi  Thank you for reaching out to the Sophos community team, it may possible that the portal may be generating traffic on SSL protocol on port 5443 and due to that it may get matched under the predefined app category which matches such kind of traffic.

    Instead of allowing application in-app filter, you should create top FQDN/IP based rule along with service ports getting used by that portals as in workaround as the portal is known to you and traffic is trusted on that destination. 

    With test rule creation as per above on top and if it is still not working then you may try by adding a rule in CLI exception as per below KBA:

    set ips ac_atp exception fwrules x

    support.sophos.com/.../KB-000038900

    If you really wanted to investigate it is false positive or true detection then you may log a support case where one of our team members may validate by capturing the TCPDUM, PCAP, required service debug logs to conclude it further and if required may raise a LAB request to get some validation from them.

    Regards,

    Vishal Ranpariya
    Technical Account Manager | Sophos Technical Support
    Sophos Support Videos | Knowledge Base  |  @SophosSupport | Sign up for SMS Alerts |
    If a post solves your question use the 'This helped me' link.

Reply
  • 0

    Hi  Thank you for reaching out to the Sophos community team, it may possible that the portal may be generating traffic on SSL protocol on port 5443 and due to that it may get matched under the predefined app category which matches such kind of traffic.

    Instead of allowing application in-app filter, you should create top FQDN/IP based rule along with service ports getting used by that portals as in workaround as the portal is known to you and traffic is trusted on that destination. 

    With test rule creation as per above on top and if it is still not working then you may try by adding a rule in CLI exception as per below KBA:

    set ips ac_atp exception fwrules x

    support.sophos.com/.../KB-000038900

    If you really wanted to investigate it is false positive or true detection then you may log a support case where one of our team members may validate by capturing the TCPDUM, PCAP, required service debug logs to conclude it further and if required may raise a LAB request to get some validation from them.

    Regards,

    Vishal Ranpariya
    Technical Account Manager | Sophos Technical Support
    Sophos Support Videos | Knowledge Base  |  @SophosSupport | Sign up for SMS Alerts |
    If a post solves your question use the 'This helped me' link.

Children
No Data
Share Feedback
×

Submitted a Tech Support Case lately from the Support Portal?