cancel
Showing results for 
Search instead for 
Did you mean: 
Post a Question
Highlighted
Ugur_Urel
Ivory

User web activity application detection

Hi all,

In the "Application and URL Filtering" report of the Smart Event, in the "high bandwidth user" view, for some users we see applications like "HTTP/2 over TLS" and "SSL Protocol". Beside these applications we can also see applications like youtube, facebook etc. (I have attached a picture from an example report)

What we want to understand is what kind of access generates these traffics? ("HTTP/2 over TLS" and "SSL Protocol"). These applications seems like protocols, not applications, so in stead of these shouldn't we need to see the real application/site?

Capture.PNG

0 Kudos
3 Replies
Admin
Admin

Re: User web activity application detection

HTTP2 comes from web browsers.
SSL shows for things that aren't necessarily web browsers but are clearly communicating using it.
Would need to see screenshots of example logs and the relevant matched rule(s) to comment further.
0 Kudos
Employee+
Employee+

Re: User web activity application detection

For additional context is the gateway configured for HTTPS inspection and what version is it installed with , R80.30 (with SNI)?

0 Kudos
Ugur_Urel
Ivory

Re: User web activity application detection

Hi,

 

Thank you for the replies. I have attached some logs and the relevant rule. In the rule "Genel Erisi..." is a site group and contains some URL categories.

Gateway is configured for HTTPS inspection and running on R77.30. But I'm not sure about SNI, where can I check if SNI enabled?

1.PNG2.PNG3.PNG

0 Kudos