Sophos is pleased to introduce the new Xstream Architecture for XG Firewall, a new streaming packet processing architecture that provides extreme levels of protection and performance. The new architecture includes:

1) Xstream SSL Inspection: Organizations can enable SSL inspection on their networks without compromising network performance or user experience. It delivers high-performance, high connection capacity support for TLS 1.3 and all modern cipher suites, providing extreme SSL inspection performance across all ports, protocols, and applications. It also comes equipped with enterprise-grade controls to optimize

2) Xstream DPI Engine: Enables comprehensive threat protection in a single high-performance streaming DPI engine with proxyless scanning of all traffic for AV, IPS, and web threats, as well as providing Application Control and SSL Inspection. Pattern matching on decrypted traffic makes patterns more effective and provides increased protection from hash/pattern changing applications such as Psiphon proxy.

3) Xstream Network Flow FastPath: Provides the ultimate in performance by intelligently offloading traffic processing to transfer trusted traffic at wire speeds. FastPath offloading can be controlled through policy to accelerate important cloud application traffic, or intelligently by the DPI engine based on traffic characteristics.

One of the new features in v18.0 is a new high-performance way of handling web traffic, along with a new high-performance way of doing SSL/TLS decryption and a lot of new options around enforcement of TLS/SSL rules. The web proxy from 17.5 is still present, and administrators have a choice of which mode they want to use.

The following is an attempt to summarize the differences between the "proxy mode" and the new "DPI mode" (Deep Packet Inspection). It focuses on differences in web for the things you could do in 17.5 and do differently in 18.0. Basically it is there to explain 2) and the relevant parts of 1); the overall feature is more than what I am covering.

Proxy mode vs DPI mode

Proxy mode:
- Terminates the connection from the client browser.
- Creates a new connection to the web server.
- Copies data from one connection to the other.
- Delays traffic while it processes access control.
- Delays traffic if using Batch AV scanning mode (default).
- Can modify headers, change the destination IP, etc.

DPI mode:
- Allows the connection straight from the client browser to the web server.
- Inspects the traffic from client to server.
- Does little to modify, delay, or interrupt traffic.
- Performs AV scanning in-line (like Real Time AV scanning mode).
- If blocking is needed and the response has not been sent yet, it redirects the browser to :8090 to display the block page.
- If blocking is needed and the response has already started to be sent, it kills the connection.

How to enable each mode

Proxy mode:
- Check "Use web proxy instead of DPI engine".
- Set the services to HTTP and HTTPS (port 80 and 443).
- Check "Decrypt HTTPS during web proxy filtering".

DPI mode:
- Uncheck "Use web proxy instead of DPI engine".
- Go to Rules and policies > SSL/TLS inspection rules and create an inspection rule.

How to exclude a site from HTTPS decryption

Proxy mode:
- Go to Web > Exceptions and create an exception.
- Set the URL pattern match to be the website FQDN. This is RegEx; see existing entries for proper syntax.

DPI mode:
- Go to URL Groups and edit the Local TLS exclusion list. Add the domain name. Make sure the default SSL/TLS inspection rule "Exclusions by website" is enabled.
- Or: create an SSL/TLS inspection rule that is set to action "Do not decrypt". Create your own URL group or custom category and use it in the rule.
- Or: create a web exception (as in web proxy mode).

How to exclude a source from HTTPS decryption

DPI mode:
- Create an SSL/TLS inspection rule that is set to action "Do not decrypt". Base it on source IP or IP range, or on user.

Basic on/off flags that cover common settings:

- Web > General Settings > Block unrecognized SSL protocols
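The site and source exclusions above match on different things: a web-proxy exception is a RegEx over the URL, the Local TLS exclusion list holds plain domain names, and a "Do not decrypt" rule keys on the source. The script below is an added example, not Sophos code and not the firewall's matching engine; it models the three checks so a pattern can be tried against sample URLs before it goes into policy. It assumes the `^([A-Za-z0-9.-]*\.)?host\.?/` shape of the built-in exception entries, that a pattern is applied to the URL with its scheme stripped, that the TLS exclusion list covers a name and its subdomains, and that source rules are written as CIDR ranges; every host and address in it is constructed.

```python
r"""Model of the HTTPS-decryption exclusions discussed in the post.

Added example, not Sophos code. Assumed (not stated in the post): proxy
exception patterns follow the ^([A-Za-z0-9.-]*\.)?host\.?/ shape of the
built-in entries and are matched against the URL without its scheme; the
Local TLS exclusion list matches a name and all of its subdomains; source
"Do not decrypt" rules are CIDR ranges. All sample data is constructed.
"""
import ipaddress
import re


def proxy_exception_pattern(fqdn: str) -> str:
    """Build a web-proxy exception RegEx for one FQDN.

    re.escape() makes the dots literal, ^ anchors the host to the start of
    the URL, and the trailing / stops the name matching as a prefix of a
    longer host such as example.com.other.test.
    """
    return r"^([A-Za-z0-9.-]*\.)?" + re.escape(fqdn) + r"\.?/"


def proxy_exception_matches(pattern: str, url_without_scheme: str) -> bool:
    """Apply an exception pattern to a URL (assumed input form: scheme removed)."""
    return re.search(pattern, url_without_scheme) is not None


def naive_pattern_matches(fqdn: str, url_without_scheme: str) -> bool:
    """What happens when the bare FQDN is pasted in as the pattern:
    '.' matches any character and nothing is anchored, so the exception
    is wider than intended and more traffic escapes inspection."""
    return re.search(fqdn, url_without_scheme) is not None


def tls_exclusion_matches(exclusion_list, server_name: str) -> bool:
    """Local TLS exclusion list: the domain itself and any subdomain (assumed)."""
    host = server_name.lower().rstrip(".")
    for entry in exclusion_list:
        entry = entry.lower().rstrip(".")
        if host == entry or host.endswith("." + entry):
            return True
    return False


def source_excluded(no_decrypt_ranges, client_ip: str) -> bool:
    """'Do not decrypt' rule keyed on source IP or IP range (CIDR assumed)."""
    ip = ipaddress.ip_address(client_ip)
    return any(ip in ipaddress.ip_network(r) for r in no_decrypt_ranges)


def dpi_decision(client_ip, server_name, exclusion_list, no_decrypt_ranges) -> str:
    """Evaluation order is assumed: the source rule is consulted first."""
    if source_excluded(no_decrypt_ranges, client_ip):
        return "do not decrypt (source rule)"
    if tls_exclusion_matches(exclusion_list, server_name):
        return "do not decrypt (Exclusions by website)"
    return "decrypt"


if __name__ == "__main__":
    fqdn = "example.com"
    escaped = proxy_exception_pattern(fqdn)
    # Constructed URLs: only the first should be excluded from decryption.
    for url in ["www.example.com/login", "exampleXcom/",
                "example.com.other.test/", "notexample.com/"]:
        print(f"{url:26} bare FQDN={naive_pattern_matches(fqdn, url)!s:5} "
              f"escaped+anchored={proxy_exception_matches(escaped, url)}")
    # Constructed DPI-mode policy: one excluded domain, one excluded subnet.
    exclusions, ranges = ["example.com"], ["10.0.5.0/24"]
    for ip, host in [("10.0.5.77", "anything.test"),
                     ("10.0.6.1", "api.example.com"),
                     ("10.0.6.1", "example.com.other.test")]:
        print(f"{ip:10} {host:24} -> {dpi_decision(ip, host, exclusions, ranges)}")
```

Running it shows the point behind "see existing entries for proper syntax": the bare FQDN as a pattern also matches `exampleXcom/` and `example.com.other.test/`, while the escaped and anchored form matches only the intended host and its subdomains. The same comparison applies to the DPI-side list, where `example.com.other.test` is not a subdomain of `example.com` and is still decrypted.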