WatchGuard Cloud Bypass Decryption
Happy holidays all! I've been testing out WG Cloud and can't figure out how to replicate what I had configured on a locally-managed Firebox. Here's how WebBlocker worked locally:
-Client accesses an allowed site: Firebox passes the connection without decryption
-Client accesses a denied site: Firebox inspects, denies, and throws up block page
Here's how it seems to work with the cloud:
-Client accesses an allowed site: Firebox decrypts traffic, re-encrypts and passes traffic
-Client accesses a denied site: Firebox decrypts traffic, denies, and throws up block page
Given this, what's the point of "Bypass Decryption" in the WebBlocker? I've tried selecting it in several categories, but the Firebox still decrypts the traffic which can be confirmed by looking at the certificate when the page in question loads. What am I missing? Thanks!
Comments
Hi @robt7676
The closest thing to what you have on a locally managed firewall would be:
-Set the categories that you do not want decrypted to bypass decryption.
-Set the categories that you want denied to block or warn, depending on your needs.
Keep in mind that if you bypass decryption, services like Gateway AV will not be able to scan traffic, and other services like Application Control and IPS may be less effective.
If bypass decryption isn't working, the SNI (server name indicator) supplied by the server you're contacting likely doesn't match one of the categories that have been selected. I'd suggest opening a support case if you're running into this so our team can help identify what is happening and help get around it.
-James Carson
WatchGuard Customer Support
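The support reply above says the bypass decision hinges on the SNI in the TLS handshake matching a category. The following added example (not WatchGuard's code) parses the SNI out of a ClientHello and applies a bypass / block / decrypt decision; the category-to-domain table and the ClientHello bytes are constructed placeholders, since real WebBlocker categories come from WatchGuard's URL database.

```python
import struct
from typing import Optional, Tuple
# Constructed placeholder policy (real WebBlocker categories come from WatchGuard's URL database)
POLICY = {
    "financial": ("bypass", ["bank.example", "pay.example"]),
    "gambling":  ("block",  ["bet.example"]),
}
DEFAULT_ACTION = "decrypt"  # the behaviour the thread reports for uncategorised sites

def extract_sni(client_hello: bytes) -> Optional[str]:
    """Return the server_name from a TLS ClientHello record, or None if absent."""
    # 5-byte record header (type 0x16) then 4-byte handshake header (type 0x01)
    if len(client_hello) < 9 or client_hello[0] != 0x16 or client_hello[5] != 0x01:
        return None
    pos = 9 + 2 + 32                                   # skip version + random
    pos += 1 + client_hello[pos]                       # session id
    pos += 2 + struct.unpack("!H", client_hello[pos:pos + 2])[0]  # cipher suites
    pos += 1 + client_hello[pos]                       # compression methods
    if pos + 2 > len(client_hello):
        return None                                    # no extensions block
    end = pos + 2 + struct.unpack("!H", client_hello[pos:pos + 2])[0]
    pos += 2
    while pos + 4 <= end:
        ext_type, ext_len = struct.unpack("!HH", client_hello[pos:pos + 4]); pos += 4
        if ext_type == 0:                              # server_name extension
            # layout: list_len(2) name_type(1) name_len(2) host_name
            name_len = struct.unpack("!H", client_hello[pos + 3:pos + 5])[0]
            return client_hello[pos + 5:pos + 5 + name_len].decode("ascii")
        pos += ext_len
    return None

def decide(client_hello: bytes) -> Tuple[Optional[str], str]:
    """Map a ClientHello to bypass / block / decrypt the way the thread describes."""
    sni = extract_sni(client_hello)
    if sni is None:
        return None, DEFAULT_ACTION                    # nothing to categorise
    for action, domains in POLICY.values():
        if any(sni == d or sni.endswith("." + d) for d in domains):
            return sni, action
    return sni, DEFAULT_ACTION

def build_client_hello(server_name: Optional[str]) -> bytes:
    """Constructed minimal TLS 1.2-style ClientHello (not a real capture)."""
    body = b"\x03\x03" + b"\x00" * 32 + b"\x00" + b"\x00\x02\x13\x01" + b"\x01\x00"
    if server_name is not None:
        name = server_name.encode("ascii")
        ext = (b"\x00\x00" + struct.pack("!H", len(name) + 5) + struct.pack("!H", len(name) + 3)
               + b"\x00" + struct.pack("!H", len(name)) + name)
        body += struct.pack("!H", len(ext)) + ext
    hs = b"\x01" + len(body).to_bytes(3, "big") + body
    return b"\x16\x03\x01" + struct.pack("!H", len(hs)) + hs
```

A connection with no SNI at all cannot be categorised, which is one reason a site can end up decrypted even though its category is set to bypass.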
Hi James. Thanks for your reply. It sounds like I have it set up as you described, with outgoing policies set to decrypt https pointing to those content filtering. I was hoping to have simply missed a setting somewhere, as this is frustrating: decrypting things that are intentionally flagged as bypass decryption can be dangerous. I tried dozens of sites with the same behavior, so I don't believe SNI is the problem. In any case, I will open a support case.