Sophos XG: Web Filtering – part 2 (HTTPS Scanning)

In previous article, I introduced how to use http filtering on Sophos XG Firewall. But a complete security solution has to perform deep packet scanning, also called HTTPS scanning
This article describes the steps and conditions of using HTTPS scanning.

Active HTTPS Scanning

Go to Web console with admin privilege
Go back to a rule which have HTTP scanning

Turn ON -> Decrypt  & Scanning HTTPS

HTTPS scanning

When you actives HTTPS scanning, all clients cannot go to www because they don’t have SSL CA Certificate.

What can I do now?

Go to Objects > Identity > Certificate Authority 

Download SecurityAppliance_SSL_CA (.pem forrmat)

Install CA

In Windows, go to Microsoft Management Console (MMC) – Run>MMC

In Console Root, File > Add/Remove Snap-in… (Ctrt +M)

Selects Certificates and Add > Computer account > Finish

In Trusted Root Certification Authorities > Certificates. Performing Import *.pem file










If the system have too many clients, you can use GPO in Active Directory to deploy it. But GPO in not support pem file, you must export this CA to a format file what can be used by GPO.

Be the first to comment

Leave a Reply

Your email address will not be published.