IPS without HTTS inspection

mariuszchlebow · ‎2021-01-18

Hello,

Is there any document I can follow to understand how IPS works without HTTPS inspection enabled?

the_rock · ‎2021-01-18

Hi Marius,

Maybe you can clarify the question...when it comes to IPS, I dont believe functionality changes regardless if https inspection is used or not. Really, say if you dont use inspection, then gateway wont be aware of the content that is going through the ssl encrypted tunnel, thats all.

Andy

JackPrendergast · ‎2021-01-18

Hi Marius,

Threat Prevention blades will scan whatever it can see. Without HTTPS inspection, it will be minimal these days.

Traffic that is subject to scanning via the Threat Prevention blades will traverse the PXL (medium) path eventually.

Please use this info for your future studies, or drop a line below for anything else 🙂

the_rock · ‎2021-01-18

I would not agree totally that it would be minimal...it will scan based on whats enabled : )

mariuszchlebow · ‎2021-01-18

Hi Jack,

Thank you. Can we say that all what's encrypted will not be matched by application vulnerabilities signatures? CP IPS is only aware of unencrypted application layer and network layer 3/4 behaviour, right?

MartinTzvetanov · ‎2021-01-19

correct

Are you a member of CheckMates?

IPS without HTTS inspection