Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
Vladimir
Champion
Champion

Question about Protected Scope for Threat Emulation

In Threat Prevention Profile properties, under "Threat Emulation" / "General" / "Protected Scope" section we have the ability to define if we are inspecting traffic from External, External + DMZs or All interfaces.

Will the "Protected Scope" property of the rule itself supersede this configuration and make it applicable to the scope specified in it?

Additionally, will the UserCheck require HTTPS inspection or simply distributing ICA cert will suffice?

0 Kudos
3 Replies
PhoneBoy
Admin
Admin

For the second question, UserCheck requires HTTPS Inspection for HTTPS sites.

Will have to check into the first.

0 Kudos
PhoneBoy
Admin
Admin

For the first question, here's what the docs say: 

When you select the Any option in the Protected Scope section of a rule, the traffic direction and interface type are defined by the Profile assigned to that rule. If you add objects to the Protected Scope in a rule, files that match these objects are inspected for all connections.

Which would indicate the Protected Scope of the rule overrides the Profile in this case.

0 Kudos
Vladimir
Champion
Champion

Thank you!

Vladimir Yakovlev

973.558.2738

vlad@eversecgroup.com

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

Upcoming Events

    CheckMates Events