As long as you open a https page via browser you may see that there is an ssl verification error and xg did block traffic.
as tls verification is also implemented in FTPS (Scan FTP for Malware) you wont get any message on fails, you just can imagine that traffic won't pass because of an tls error.
same if https is use by applications e.g. internal software updates3 votesCompleted · AdminRich Baldry (Senior Product Manager, Network Security Group, Sophos Features & Ideas Laboratory) responded
Version 18 has a new SSL/TLS decryption engine that provides much more log informatino about success or failure of SSL/TLS connections
The XG still supports protocols that are insecure and fail PCI compliance scans. These protocols such as TLS v1.0, 64-bit block ciphers, etc should be able to be disabled through at a minimum the CLI and preferably the UI.71 votes
Adding a Business application non-HTTP rule you should have the option to use "Objects > Hosts and Services > Services" objects as the Port Forwarding target.
This reduces the rules required and keeps it more unified..
At the moment you need to add multiple rules I.E. A hosted service uses a mixture of single ports, port ranges and both tcp/udp will require multiple rules to achieve something very simple.97 votes
- Don't see your idea?