Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
PhongNN
Participant

SecureXL and Application Control Layer

Jump to solution

Hi experts

I have a question about SecureXL

There is a policy package with 2 Layer: Network ( only Firewall enabled ) and App ( only App&URL enabled )

For accessing to the Internet, I have a rule in Layer network like this:

Src: x.x.x.x  Dst:Any  service: http,https

I must create the same rule in layer App, because we set action DROP on cleanup rule:

Src: x.x.x.x  Dst:Any  service: http,https

So is the traffic accelerating ?

Thank you

Regards

1 Solution

Accepted Solutions
HeikoAnkenbrand
Champion
Champion

Hi @PhongNN,

In principle the connection is processed by SecureXL if it is SecureXL compliant.

If the connection must be checked for content, the PSLXL path (old name PXL) is used. Otherwise the acceleration path is used.

From R80.20 on there are differences in the processing compared to R80.10. The picture shows you the processing in the FW.

sxl.JPG

More read here:
R80.x - Security Gateway Architecture (Logical Packet Flow)

View solution in original post

2 Replies
HeikoAnkenbrand
Champion
Champion

Hi @PhongNN,

In principle the connection is processed by SecureXL if it is SecureXL compliant.

If the connection must be checked for content, the PSLXL path (old name PXL) is used. Otherwise the acceleration path is used.

From R80.20 on there are differences in the processing compared to R80.10. The picture shows you the processing in the FW.

sxl.JPG

More read here:
R80.x - Security Gateway Architecture (Logical Packet Flow)

View solution in original post

PhongNN
Participant

Hi Heiko

Thank you so much for your reply

But i have a question

With layer App ( only App&Url enabled ), in Services & Applications column, only have https and http.

It means FW will not inspection content,right ? 

If i enable both App&URL and FW for layer App, so FW will inspect when S&A column have any one Application, and won't inspect when there are any services ( like https,http, ssh )

sorry for my poor english
Thank you so much
Regards
0 Kudos