Clarification on Traffic Processing Order within HTTPS-Proxy (IPS, App Control, GAV, WebBlocker)
Hello WatchGuard Community,
I'm seeking some clarification on the exact order of operations when traffic passes through an HTTPS-Proxy policy on a WatchGuard Firebox, especially when multiple security services are enabled.
Specifically, if an HTTPS-Proxy policy has IPS (Intrusion Prevention System), Application Control, Gateway AntiVirus (GAV), and WebBlocker all enabled for content inspection (assuming SSL/TLS decryption is in place), what is the precise sequence in which these services inspect the traffic?
From my understanding, it generally follows a logical flow after decryption, but I'd appreciate confirmation on the exact processing order to better understand traffic flow and troubleshoot effectively.
Any insights or links to official documentation detailing this specific order would be greatly appreciated.
Thank you in advance for your help!
Best regards,
Answers
Really simple flow order for outgoing traffic:
1) DNSWatch
2) Firewall Policy order
3) WebBlocker, Geolocation, Botnet Detection
4) Proxy policy action rules
5) IPS, Application Control
6) GW AntiVirus, IntelligentAV, APT Blocker
Thank you very much for your detailed response! I appreciate the explanation of the traffic processing order.
Would it be possible for you to provide a link to the official WatchGuard documentation or a specific page in the Help Center that outlines this sequence (DPI, WebBlocker, Application Control, GAV, IPS, ...)? Having the official source would be very helpful for my reference and further study.
Thanks again for your time and assistance!
Best regards,