Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
lrossi89
Explorer

Https Inspection on SMB (centraly managed)

Hi everyone,
I would like to share this scenario:

  • (MGMT) Smart-1cloud (Cloud)
  • (Gateway) SMB 1800 (Cently Managed)


We activated the HTTPS Inspection.

  1. We find difficulty in making regex (they don't seem to work like those on normal Gaia)
    1. is there a right way to write?
  2. Https Inspection Blade randomly goes in Freez also with the latest firmware R80.20.40 and block all the communication to internet (only for subnet under https insepction)
    1. Has anyone had the opportunity to make a similar installation with activating ALL THE BLADE and having stability in the installation?
    2. can anyone suggest a stable firmware with all blades active?
0 Kudos
6 Replies
Sorin_Gogean
Advisor

Hey, 

 

We got HTTP Inspection enabled on our boxes too (R80.40 and afterwards R81) - but are bigger than your SMB1800 - and we didn't had any issues like you say.

Can you show your HTTPS policies ?

 

Don't understand the HTTPS and RegExp part, were you defining Custom Applications ?

(I remember reading somewhere that RegExp is not recommended in some situations as it's CPU intensive)

 

Why you activated all blades, are you using all those features - just askin.

 

Thank you,

 

0 Kudos
lrossi89
Explorer

I also with Gaia Normal, everything works regularly.
The problem seems to be on the SMB software.

Active all the blades because I personally as an approach I try to maintain the security level is the highest possible

0 Kudos
PhoneBoy
Admin
Admin

It should be the same as regular Gaia in terms of regex.
I would engage the TAC to address both these issues.

0 Kudos
lrossi89
Explorer

I will certainly do it, but I would expect something precise and stable as on the normal Gaia, since it is not a new functionality

0 Kudos
G_W_Albrecht
Legend
Legend

Using HTTPS inspection causes high(er) load on GWs - especially on SMB appliances with a small hardware footprint. If more traffic has to be processed, it may be needed to exclude parts of the traffic from TP or disable some blades features to avaoid high load or freeze.

CCSE CCTE SMB Specialist
0 Kudos
lrossi89
Explorer

The load of these machines is really low reach a maximum of 20%.
Let's say that disabled features is not a way I appreciate, surely I will investigate with the TAC, but I wanted to understand if others have found stability with some precautions, maybewith a particolar version of the firmware etc....

0 Kudos