cancel
Showing results for 
Search instead for 
Did you mean: 
Create a Post
Highlighted
Ivory

HTTPS Inspection of Traffic Flow - HTTPS, FIREWALL AND IPS

We have enabled HTTPS inspection covering IPS, IDS, antibot and antivirus. What should be appearing first on the traffic rule in the firewall. Because I normally see https inspection then firewall then IDS. Could you kindly provide an idea on how to carefully analyze these. Which blade should be first appearing on the traffic thats my concern.

2 Replies
Highlighted
Admin
Admin

Re: HTTPS Inspection of Traffic Flow - HTTPS, FIREWALL AND IPS

In general you can expect Access Control logs (firewall, VPN, App Control, URL Filtering) to come up before Threat Prevention logs.
HTTPS Inspection may be required before either Access Control or Threat Prevention makes sense, so these logs may appear before the others.
There are circumstances where it might vary from this slightly.
If you have a specific concern, a concrete example from your logs would be helpful.
Highlighted

Re: HTTPS Inspection of Traffic Flow - HTTPS, FIREWALL AND IPS

 

Policy Matchimg.JPG
Picture is from Slides in article: HTTPS Inspection Best Practices TechTalk: Video, Slides, and Q&A

PS: Log entries should appear in a similar order.

Tags (1)
0 Kudos