About GM001

Thanks Tom, but I'm not sure how that's relevant to my issue. I'm trying to understand how a VPP exception in a security rule can stop an SSH decryption rule from applying. ... View more

I've got an interesting variation on this issue. I have an SSH proxy that inspects all incoming SSH traffic going to various SFTP servers. I have one particular SFTP server that has a security rule that allows SSH, but this one rule ( to just one server) also has a VPP with the same 40015 exception with the action set to alert. Despite the SSH proxy rule covering all incoming SSH, any SSH traffic to that server is showing as NOT decrypted. All the other traffic hitting any other security rules without that exception shows as decrypted. Would adding the Brute Force exception cause the firewall to not decrypt the traffic so the exception can work? ... View more

Will do, thanks! ... View more

I could, but I'd end up sending you a list of 60+ controls we audit for, and some are fairly complex like "show me all the policies that control traffic to the internet with a profile group that doesn't have packet capture enabled in the AV profile". These types of reports are very specific to our controls and would likely be meaningless to the larger community, so I would rather be the guy that learns to fish instead of expecting someone to hand me fish. 🙂 If I could get ODBC access to the database I could write these queries pretty quickly - assuming you have a reasonably normalized data model - so that's what I'm after. And if I need to do it through MySQL tools right on the box that's OK too. The alternative is I write a parser for the config files and get it all in a database myself, but as I mentioned, it sure looks like Expedition already does this so if I can avoid re-inventing the wheel that would be preferable. ... View more