This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

How configure SSL/TLS inspection settings for smartphone apps

Hello there.
I am using XG firewall home edition in my house.
Some of the iOS apps are not available with SSL/TLS inspection enabled. When disabled, they can be used.

I checked LogViewer and in some cases it is Error and in other cases it is not Error.
I am checking LogViewer and iOS apps one by one. If necessary, I add them to the Local TLS exclusion list.

But this is hard work. And I want to respect the children's privacy, so we would like to keep LogViewer checks to a minimum.

How do you configure SSL/TLS inspection settings for mobile devices?

Regards,

XG135

HomeEdition(SFOS 19.0.1 MR-1-Build365)



This thread was automatically locked due to age.

Top Replies

  • Android Smartphones will not work well with decrypting Proxy.

    Even if you install the Proxy CA certificate on the phone, many system and 3rd party apps will not trust certificates in the user store. you cannot add CAs to the system store.

    Apps like firefox allow you to install a custom certificate but many apps will not allow that or no not have an option for that.

    You will need to disable decryption for smart phones to work correctly.

    Jump to answer
Parents
  • I use XG as a dedicated firewall unit in order to have the devices play different roles.

    Can you explain what this means? I'm trying to understand what you are trying to achieve as there may be a better way to configure your network to achieve what you want while respecting the privacy of your children.

    We deal with this issue both with businesses and at home. There isn't a perfect answer. In all situations we have a guest wifi that is segregated from the main network. Where people just need internet access, they connect to the guest network which has no TLS/SSL scanning. This is the same level of security as using their mobile phone signal for internet but protects the rest of your network. This may work for you at home but it depends what your exact requirements are.

Reply
  • I use XG as a dedicated firewall unit in order to have the devices play different roles.

    Can you explain what this means? I'm trying to understand what you are trying to achieve as there may be a better way to configure your network to achieve what you want while respecting the privacy of your children.

    We deal with this issue both with businesses and at home. There isn't a perfect answer. In all situations we have a guest wifi that is segregated from the main network. Where people just need internet access, they connect to the guest network which has no TLS/SSL scanning. This is the same level of security as using their mobile phone signal for internet but protects the rest of your network. This may work for you at home but it depends what your exact requirements are.

Children
  • Thank you  

    > Can you explain what this means?

    a few months ago, my devices were connected directly to the router. I installed XG firewall a few months ago.

    For my network studies and for network-level security. 

    I installed it in bridged mode so that if I change my mind, I can remove it immediately.

    VLAN or guest wifi is nice ideaGrinning I will consider it.

    But I don't wanna create complicated network. If I die, there will be no one left to understand home network lol.