
DPI SSL

This is possibly a stupid question, but if I add Dropbox to the DPI SSL exclusion list, I take it that any file downloaded from Dropbox will not be scanned by the Gateway Antivirus Service or Capture ATP?


Tom

Category: Firewall Security Services

Answers

  • TKWITS Community Legend ✭✭✭✭✭

    I would disagree as it is possible Dropbox could serve a client a file via any of the other non-encrypted protocols, and thus be scanned by GAV or CATP.

  • MustafaA SonicWall Employee

    In case the traffic is HTTPS, the payload cannot be scanned since it is encrypted.

  • Purconn Newbie ✭

    Thanks, guys. I had to put in exclusions for Dropbox, OneDrive, Google Drive, SharePoint, WeTransfer, and a few others. I'm not really seeing the point of having DPI SSL on if I have to exclude the very sites we are downloading files from. Am I missing something? Why are they getting blocked when I have all the certs configured on the devices?


    Tom

  • Arkwright Community Legend ✭✭✭✭✭
    edited July 2023

    If the client software pins its certs or doesn't use the system certificates, then you cannot MITM it because you cannot get it to trust it.

    Just remember that DPI-SSL is a hack; it's somewhat surprising how well it still works in 2023.

  • BWC Cybersecurity Overlord ✭✭✭

    @Arkwright HTTP/3 (QUIC) will put a nail in the coffin of DPI-SSL and probably most of the Security Services at the Perimeter. I'm not optimistic that it can be addressed properly via Proxy.

    --Michael@BWC

  • Purconn Newbie ✭

    So then we are basically back to the old days of your endpoint anti-virus software catching it.


    Tom

  • BWC Cybersecurity Overlord ✭✭✭

    @Purconn In my (current) opinion (time will tell), I believe days are numbered for Security Services at the perimeter and we're going back to Router (with some bells and whistles) and strong Endpoint Security.

    --Michael@BWC

  • TKWITS Community Legend ✭✭✭✭✭
    edited July 2023

    @BWC is spot on. The security services previously provided by UTM firewalls are moving to endpoints. Too many weak links when corporate work from home / mobile devices are so ubiquitous.

    Also, QUIC is ruining things for admins, so f Google.

  • MustafaA SonicWall Employee

    I fully agree, securing and protecting assets is becoming more and more challenging.
