Troubleshoot port-agnostic inspection of decrypted HTTPS traffic

Sophos Firewall scans decrypted traffic for signatures on any TCP port regardless of the port specified in the signature. This scan enables the firewall to detect HTTP protocol issues within HTTPS sessions on port 443 or any other port.

However, the scan may result in the following issues:

  • IPS signature false positives: The scan may repeatedly detect the same signature on the same website. To resolve this issue, create an IPS signature exception. Go to Intrusion Prevention > IPS policies, edit the policy that contains the signature, add the signature at the top of the list, and set Action to Allow packet.

  • Load increase: Because the firewall scans traffic more extensively for potential threats, you may see a minor reduction in throughput for decrypted HTTPS traffic compared to previous versions of Sophos Firewall.

Port-agnostic inspection is turned on by default. If the issues above affect you, you can turn it off; note that with it off, the firewall only matches signatures on the ports they specify, so HTTP protocol issues in HTTPS sessions on non-standard ports are no longer detected. To turn it on or off, use the following CLI commands:

Option                               CLI command
Turn off port-agnostic inspection    set ips scan_decrypted_port_agnostic off
Turn on port-agnostic inspection     set ips scan_decrypted_port_agnostic on

For information about accessing and using the command-line console, see Command line help.