Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
Blade
Explorer

Https inspection fail mode

Outbound Https inspection


If I enable this setting, would I no longer have to create inspection bypass rules in the policy? a single rule to inspect all https traffic to the Internet, if it is not possible to inspect, the https inspection blade automatically bypasses.


What I want to do is decrypt all traffic that can be decrypted by the https inspection blade so that the other threat prevention blades can check the content, if this is not possible for technical limitations instead of creating rules for each site, it is the firewall that makes the decision automatically to let the traffic without decrypting it.


Is my understanding well for this parameter? Or is there another configuration to achieve this goal?

0 Kudos
1 Reply
PhoneBoy
Admin
Admin

The fail mode only applies if the gateway and the remote server can’t agree on ciphers, if client certificate authentication is required, or a handful of other conditions.
Otherwise you still need bypass rules.
If you run R80.40 or R81 gateways and management, you can use Updatable Objects which contain known services that require bypass.
You may still need some bypass rules but this will minimize the work required.

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

Upcoming Events

    CheckMates Events