Sophos XG v18: Instructions for handling applications that become unusable after adding the Sophos certificate

Overview

This article explains what to configure when the Messenger chat application can no longer be used after the Sophos certificate is added. The cause is that Sophos cannot decrypt the application's encrypted connections even though the certificate is installed, so the connection from the application to Messenger's servers is blocked. We will therefore configure a decryption bypass for traffic to the application's servers, after which the application can be used normally again.

Situations

After the Sophos certificate was added to PC1, websites and applications work normally, but some applications are still unusable (e.g. Messenger).

Diagrams

How to configure

  • When using Messenger, the app is unusable.
  • Check the log: open the Log viewer and filter by Source IP (the IP address of the computer) and log subtype Error. The entries show that Sophos cannot decrypt the encrypted connections to the application's servers, such as web.facebook.com, graph.facebook.com, 52.0.252.2,…
  • Create an SSL/TLS exception rule with the action Don’t decrypt, and under categories and websites add the URL group that Sophos should bypass and not decrypt.
  • To create that URL group, go to Web -> URL groups -> click Add, create a URL group called Bypass Decrypt containing the websites found above so that Sophos no longer blocks Messenger, and then add that URL group to the SSL/TLS exception rule.
  • After the SSL/TLS exception rule has been created, Messenger can be used normally.
  • Check the log.

** Note: the web servers that we bypass must be ones we have made sure are safe.
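The log-review step can be scripted so that the Bypass Decrypt group contains only destinations that actually failed for the affected computer. This is an added example, not part of the original article or of Sophos tooling. It assumes the log entries have been exported to CSV; the column names (src_ip, log_subtype, server), the client addresses and the sample rows are constructed for illustration.

```python
import csv
import io
import ipaddress
from collections import Counter

# Constructed sample rows; the column names are assumptions,
# not the firewall's real export format.
SAMPLE_LOG = """src_ip,log_subtype,server
192.168.1.10,Error,web.facebook.com
192.168.1.10,Error,graph.facebook.com
192.168.1.10,Error,52.0.252.2
192.168.1.10,Error,WEB.facebook.com.
192.168.1.10,Allowed,example.com
192.168.1.20,Error,graph.facebook.com
"""

def is_ip(value):
    """True when the destination is a bare IP address, not a hostname."""
    try:
        ipaddress.ip_address(value)
        return True
    except ValueError:
        return False

def bypass_candidates(log_text, client_ip):
    """Return (hostnames, ip_literals, hit_counts) for one client's Error rows."""
    hits = Counter()
    for row in csv.DictReader(io.StringIO(log_text)):
        if row["src_ip"] == client_ip and row["log_subtype"].lower() == "error":
            # Normalise case and a trailing dot so duplicates collapse.
            hits[row["server"].strip().lower().rstrip(".")] += 1
    hostnames = sorted(h for h in hits if not is_ip(h))
    ip_literals = sorted(h for h in hits if is_ip(h))
    return hostnames, ip_literals, hits

if __name__ == "__main__":
    hosts, ips, hits = bypass_candidates(SAMPLE_LOG, "192.168.1.10")
    print("Candidates for URL group 'Bypass Decrypt':")
    for h in hosts:
        print(f"  {h}  ({hits[h]} errors)")
    # A bare IP cannot be tied to a site by name; confirm its owner first.
    print("Confirm ownership before bypassing:")
    for ip in ips:
        print(f"  {ip}  ({hits[ip]} errors)")
```

Bare IP addresses are listed separately because they cannot be matched to a site by name, so each one needs its owner confirmed before it is exempted from decryption.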
