04-29-2022 02:37 AM
Is there any way to bypass the Telegram app traffic for SSLdecrypt? any idea?
04-29-2022 10:02 AM
Firewalls are positive enforcement, meaning they will only do explicitly what you tell them to.
If you don't have a rule to decrypt telegram, it won't happen.
If telegram is being picked up as a different app, you can create or modify existing App-IDs to get granular enough to exclude/include.
If you are a user on a corporate network that IS decrypting telegram, this isn't the place to talk about offensive sec and product bypassing 🙂
05-01-2022 10:55 AM
The SSL decrypt rule are based on categories. So no option to only no decrypt "telegram".
05-02-2022 09:25 AM
You have the ability to create custom categories (EDLs, static lists, etc)
05-03-2022 01:33 AM
SSL Decrypt is controlled via URL category and you can also use ports within the Decrypt policy, frankly I am shocked that Telegram does not use a pinned-cert, if it did it would be in the Decryption exclusion list Device > SSL Decryption Exclusion however the best thing to do would be (in the absence of any useful info on the Telegram website) carry out a packet capture on the firewall and identify the traffic in question and more accurately check where the app is going URL wise.
A good starting point would be a custom URL category with Telegram added and then a do not decrypt policy above your broad decryption policy, however the packet capture would show the detail and this could also be added to the URL category.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!