I'm try to test https scanning for virus and it's like sophos cannot check the https. Based on this url http://junosnotes.blogspot.my/2013/09/srx-utm-antivirus-kaspersky-full.html#more it said it will fail for https. Is there any method that i can test the https file.
Thanks and appreciate any help.
Which SRX hardware and software version? It is supported from 12.3X48-D25 / 15.1X49-D40 with SSL Forward proxy enabled.
I'm using vSRX 15.1x49.D100. If it support appreciate if u provide the url that i can follow. Is it need CA (free or buy) if need use SSL Forward Proxy.
Thanks and appreciate your advise.
vSRX supports SSL forward proxy.
You can just generate your own root CA - just ensure that the client device is trusting this CA.
The process is described here: https://www.juniper.net/documentation/en_US/junos/topics/task/configuration/ssl-proxy-workflow-configuring.html
When u said " generate your own root CA" do u mean generate using SRX itself or using CA server such as microsoft? Currently i dont have CA server coz i'm just test for lab only.
Second question if using this CA so it will not impact the sky atp right because sky atp still need CA generate with srx.
Thanks and appreciate your feedback.
I'm talking about using the SRX itself as a CA. Just look at the part of the guide regarding "Configuring a Root CA Certificate".
If you already have generated a CA for Sky ATP then you should be able to reuse it for SSL FP - as least as I understand the scenario.
It's look like in latest vSRX D100 with latest sophos can support https without enable CA when i test download some zip file on https page.
without knowing all the details it makes sense if it's a public available https-site.
In cases where downloads are happing from a restricted website (eg. webmail) the scanning cannot be done without doing SSL forward proxy.
But again - I haven't looked into these things in details so I cannot comment further.
Thanks for the explaination. Now i'm understand why it can block file on https even not use SSL Forward proxy.