Web-browsing application being identified instead of SSL on port 443.

L1 Bithead


We just noticed that in our traffic logs there is traffic with the web-browsing application identified with a destination port of 443. The rule it is hitting on is only a port-based rule with 80 and 443 as dest ports.

 

My question is why would the traffic match the signature of web-browsing since the standard port in the App is 80? Is it because we are not enforcing application-default at a firewall rule so the traffic is identified by the signature regardless of port?

L4 Transporter

Re: Web-browsing application being identified instead of SSL on port 443.

You are right, switch ACL to use application-default and it will stop passing traffic.

Community Manager

Re: Web-browsing application being identified instead of SSL on port 443.

Unless you have ssl decryption enabled which could identify web-browsing inside ssl, it is possible there is unencrypted http using port 443. Due to the ports being set manually, application defaults are not being enforced and the sessions are allowed to pass.

 

Enabling application default will block these connections 


Help the community: Like helpful comments and mark solutions
Reaper out
L2 Linker

Re: Web-browsing application being identified instead of SSL on port 443.

So reaper, in that case, if SSL Decryption is enabled which is identifying web-browsing over 443, I have to allow this behaviour in security policy & I don't think it is the best solution.

 

For e.g. I am allowing & decrypting a sports category website which is showing decrypted but session allowed over port 443 for web-browsing due to loose policy allowing any app over port 80/443. This is not an ideal solution with Decryption turned ON.
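
The following is an added example, not part of any post in this thread: a small log-review script that separates the two cases discussed above, HTTP identified inside a decrypted session versus cleartext HTTP on port 443 let through by a port-based rule. The column layout, the `decrypted` field, the rule name and the sample rows are constructed for illustration, and the default-port map is an assumption based on the ports named in the thread.

```python
import csv
import io

# Assumption taken from the thread: web-browsing's standard port is 80 and
# ssl is expected on 443. Extend this map from your own App-ID definitions.
DEFAULT_PORTS = {"web-browsing": {80}, "ssl": {443}}

# Constructed sample rows in a simplified, hypothetical column layout
# (not the firewall's native log export format).
SAMPLE_LOG = """\
src,dst,dport,app,decrypted,rule
10.1.1.10,198.51.100.7,80,web-browsing,no,allow-80-443
10.1.1.11,198.51.100.8,443,ssl,no,allow-80-443
10.1.1.12,203.0.113.5,443,web-browsing,no,allow-80-443
10.1.1.13,203.0.113.9,443,web-browsing,yes,allow-80-443
10.1.1.14,203.0.113.20,80,ssl,no,allow-80-443
"""

def classify(row):
    """Return a verdict for one session row."""
    app, port = row["app"], int(row["dport"])
    defaults = DEFAULT_PORTS.get(app)
    if defaults is None:
        return "unknown-app"
    if port in defaults:
        return "default-port"
    if app == "web-browsing" and row["decrypted"] == "yes":
        # HTTP identified inside a decrypted TLS session.
        return "decrypted-http"
    # Application matched by signature on a port outside its defaults:
    # the kind of session a purely port-based rule lets through.
    return "non-default-port"

def review(log_text):
    """Return (verdict, row) pairs for sessions not on a default port."""
    rows = csv.DictReader(io.StringIO(log_text))
    return [(v, r) for r in rows if (v := classify(r)) != "default-port"]

if __name__ == "__main__":
    for verdict, r in review(SAMPLE_LOG):
        print(f'{verdict:17} {r["src"]} -> {r["dst"]}:{r["dport"]} '
              f'app={r["app"]} rule={r["rule"]}')
```

Rows reported as `non-default-port` are the ones to investigate before tightening the rule, since they are the sessions that would stop passing.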

 
