Web-browsing application being identified instead of SSL on port 443.

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements

Web-browsing application being identified instead of SSL on port 443.

L1 Bithead

We just noticed that in our traffic logs there is traffic with the web-browsing application identified with a destination port of 443. The rule it is hitting on is only a port based rule with 80 and 443 as dest ports. 

 

My question is why would the traffic match the signature of web-browsing since the standard port in the App is 80? Is it because we are not enforcing application-default at a firewall rule so the traffic is identified by the signature reguardless of port?

3 REPLIES 3

L4 Transporter

you are right, switch ACL to use application-default and it will stop passing traffic.

Cyber Elite
Cyber Elite

Unless you have ssl decryption enabled which could identify web-browsing inside ssl, it is possible there is unencrypted http using port 443. Due to the ports being set manually, application defaults are not being enforced and the sessions are allowed to pass

 

Enabling application default will block these connections 

Tom Piens
PANgurus - Strata specialist; config reviews, policy optimization

So reaper in that case if SSL Decryption is enabled which is identifying web-browsing over 443, I have to  allow this behaviour in security policy & I don't think it is a best solution. 

 

For e.g. I am allowing & decrypting a sports category  website which is showing decrypted  but sesion allowed over port 443 for web-browsing due to loose policy allowing any app over port 80/443. This in not ideal solution with Decryption tured ON. 

 

  • 6219 Views
  • 3 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!