In previous article, I introduced how to use http filtering on Sophos XG Firewall. But a complete security solution has to perform deep packet scanning, also called HTTPS scanning
This article describes the steps and conditions of using HTTPS scanning.
Active HTTPS Scanning
Go to Web console with admin privilege
Go back to a rule which have HTTP scanning
Turn ON -> Decrypt & Scanning HTTPS
When you actives HTTPS scanning, all clients cannot go to www because they don’t have SSL CA Certificate.
What can I do now?
Go to Objects > Identity > Certificate Authority
Download SecurityAppliance_SSL_CA (.pem forrmat)
In Windows, go to Microsoft Management Console (MMC) – Run>MMC
In Console Root, File > Add/Remove Snap-in… (Ctrt +M)
Selects Certificates and Add > Computer account > Finish
In Trusted Root Certification Authorities > Certificates. Performing Import *.pem file
If the system have too many clients, you can use GPO in Active Directory to deploy it. But GPO in not support pem file, you must export this CA to a format file what can be used by GPO.