This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

IPS Inspection of SSL traffic

After looking through the UTM 9 features it looks like Web Filtering and Web Application Firewall offer a SSL inspection. It's my (potentially flawed) understanding that WAF and Web Filtering do not equal IPS.

Is IPS blind to SSL traffic or is there a way to do SSL inspection in such a way that IPS has a chance to work?

Thanks

This thread was automatically locked due to age.

0 BAlfson over 8 years ago

Hi, Greg, and welcome to the UTM Community!

Intrusion Prevention includes Snort, Anti-DoS Flooding and Anti-Portscan. Before either Proxy gets to see a packet, it must have passed through the Intrusion Prevention checks. Snort compares traffic to certain patterns and blocks any that it knows is "bad."

So, in fact, SSL makes no difference to Intrusion Prevention as it comes into play after the IPS. It's with the Antivirus in the Proxies where packets are disassembled and scanned.

Cheers - Bob

Sophos UTM Community Moderator
Sophos Certified Architect - UTM
Sophos Certified Engineer - XG
Gold Solution Partner since 2005

MediaSoft, Inc. USA
Cancel
Vote Up 0 Vote Down

Cancel

IPS Inspection of SSL traffic

Submitted a Tech Support Case lately from the Support Portal?