This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Inbound SSL Decryption

Steve Shaw over 8 years ago

I guess Sophos UTM can do inbound SSL decryption, not able to find in the configuration guide.

Can some one please advice how to configure this.

Thanks,

Steve

This thread was automatically locked due to age.

0 DouglasFoster over 8 years ago

It is called Webserver Protection (also known as Web Application Firewall, or WAF)
Cancel
Vote Up 0 Vote Down

Cancel
0 Steve Shaw over 8 years ago in reply to DouglasFoster

Hello Doug

Thanks for the reply. So i need to turn on WAF functionality (add-on subscription) inorder to achieve this - right ?

Thanks,

Steve
Cancel
Vote Up 0 Vote Down

Cancel
0 apijnappels over 8 years ago

If you just want to decrypt and inspect https traffic (man-in-the-middle) that is achieved by setting it up in webfiltering. Beware tough that your clients must have the UTM certificate otherwise they will report certificate errors because the UTM is basically the CA for all certificates.

Managing several Sophos UTMs and Sophos XGs both at work and at some home locations, dedicated to continuously improve IT-security and feeling well helping others with their IT-security challenges.

Sometimes I post some useful tips on my blog, see blog.pijnappels.eu/category/sophos/ for Sophos related posts.
Cancel
Vote Up 0 Vote Down

Cancel
0 Steve Shaw over 8 years ago in reply to apijnappels

what you described is outbound ssl inspection
Cancel
Vote Up 0 Vote Down

Cancel
0 Brandon E over 8 years ago

It depends on what you are trying to do, and what you are defining as 'inbound'. Can you give more details on what you are trying to accomplish?
Cancel
Vote Up 0 Vote Down

Cancel
0 Steve Shaw over 8 years ago in reply to Brandon E

Hi Brandon,

By inbound I mean connections coming from the internet going to an internal server behind UTM

Thanks,

Steve
Cancel
Vote Up 0 Vote Down

Cancel
0 apijnappels over 8 years ago in reply to Steve Shaw

I may misunderstand you, but that's what the web application firewall does (at least if you're talking about internal web servers).

The web application firewall is a reverse proxy which handles all http(s) requests from internet clients and passes them (after having checked the requests) to the internal webserver(s).

Managing several Sophos UTMs and Sophos XGs both at work and at some home locations, dedicated to continuously improve IT-security and feeling well helping others with their IT-security challenges.

Sometimes I post some useful tips on my blog, see blog.pijnappels.eu/category/sophos/ for Sophos related posts.
Cancel
Vote Up 0 Vote Down

Cancel
0 Steve Shaw over 8 years ago in reply to apijnappels

no worries, thanks for your answer.
Cancel
Vote Up 0 Vote Down

Cancel