topic Re: Https Inspection on SMB (centraly managed) in Spark Firewall (SMB)

Https Inspection on SMB (centraly managed)

lrossi89 — Tue, 24 May 2022 15:51:13 GMT

Hi everyone,
I would like to share this scenario:

(MGMT) Smart-1cloud (Cloud)
(Gateway) SMB 1800 (Cently Managed)

We activated the HTTPS Inspection.

We find difficulty in making regex (they don't seem to work like those on normal Gaia)
1. is there a right way to write?
Https Inspection Blade randomly goes in Freez also with the latest firmware R80.20.40 and block all the communication to internet (only for subnet under https insepction)
1. Has anyone had the opportunity to make a similar installation with activating ALL THE BLADE and having stability in the installation?
2. can anyone suggest a stable firmware with all blades active?

Re: Https Inspection on SMB (centraly managed)

Sorin_Gogean — Tue, 24 May 2022 19:50:52 GMT

Hey,

We got HTTP Inspection enabled on our boxes too (R80.40 and afterwards R81) - but are bigger than your SMB1800 - and we didn't had any issues like you say.

Can you show your HTTPS policies ?

Don't understand the HTTPS and RegExp part, were you defining Custom Applications ?

(I remember reading somewhere that RegExp is not recommended in some situations as it's CPU intensive)

Why you activated all blades, are you using all those features - just askin.

Thank you,

Re: Https Inspection on SMB (centraly managed)

PhoneBoy — Wed, 25 May 2022 02:40:12 GMT

It should be the same as regular Gaia in terms of regex.
I would engage the TAC to address both these issues.

Re: Https Inspection on SMB (centraly managed)

G_W_Albrecht — Wed, 25 May 2022 07:38:41 GMT

Using HTTPS inspection causes high(er) load on GWs - especially on SMB appliances with a small hardware footprint. If more traffic has to be processed, it may be needed to exclude parts of the traffic from TP or disable some blades features to avaoid high load or freeze.

Re: Https Inspection on SMB (centraly managed)

lrossi89 — Fri, 27 May 2022 12:11:48 GMT

I also with Gaia Normal, everything works regularly.
The problem seems to be on the SMB software.

Active all the blades because I personally as an approach I try to maintain the security level is the highest possible

Re: Https Inspection on SMB (centraly managed)

lrossi89 — Fri, 27 May 2022 12:13:46 GMT

I will certainly do it, but I would expect something precise and stable as on the normal Gaia, since it is not a new functionality

Re: Https Inspection on SMB (centraly managed)

lrossi89 — Fri, 27 May 2022 12:17:47 GMT

The load of these machines is really low reach a maximum of 20%.
Let's say that disabled features is not a way I appreciate, surely I will investigate with the TAC, but I wanted to understand if others have found stability with some precautions, maybewith a particolar version of the firmware etc....