I'm using Sophos XG and basically want to disable HTTPS (SSL) web filter scanning support so I don't want to deal with all those HTTPS certificate exceptions.
How can I do this?
Oh, just to kind of wrap this up - we wouldn't have had a problem with the hijacking if the performance wasn't so horrible. Even with HTTPS decryption turned off (which should just make it a passthrough service) it was taking 30+ seconds to load HTTPS websites behind these devices. It was horrible for our users. If the service would actually perform properly with decryption off we wouldn't have had to completely disable it.
I did some testing, and then updated my answer to be more accurate. I apologize - I'm a web guy not a firewall guy and I should have tested before posting rather than the other way around. :)
The microapp-discovery issue is about trying to make it "home user" or anything. In Cyberoam it was an override used by Sales Engineers as a proof-of-concept that forced microapp detection. In XG, the firewall team understood it one way and the web team understood it a different way. This ended up with a situation that worked, except in the case where the admin only wanted the HTTPS to pass through without going through the proxy. We thought it would be fine even if it did go through the proxy, but in the real world some things (like Outlook Anywhere) don't like it.
As for the performance problem that Robert experienced - this must be some other configuration issue. Please don't suggest that the XG has a 30-second HTTPS performance problem. Yes that might have been what you experienced but that is not normal. It is something in the configuration.
> As for the performance problem that Robert experienced - this must be some other configuration issue. Please don't suggest that the XG has a 30-second HTTPS performance problem. Yes that might have been what you experienced but that is not normal. It is something in the configuration.
These are brand new devices and the only configuration we did with regards to the proxy was guided by your support. Bypassing the proxy following the steps you told me solved the problem, and when we enable the proxy (whose settings we have literally not changed at all) the SSL delay comes back.
Make of that what you will, but in our experience the performance is awful. If you have suggestions on what configuration should be changed by all means let us know, but out of the box and following your company's support team's instructions to disable decryption it was unusable due to performance issues.