bypass SSL for some domains?

Comments

  • Firewalla

    We do inspect the certs, but it is not done in line with normal traffic. So it has no way of disturbing the performance side. Are you experiencing issues with this?  

  • Mark van der wal

    No issues yet; I just ordered the Gold today. :-) So you don't insert an intermediate cert? At my work, we had some issues with sites like apple.com when doing SSL inspection. I also figured you could save some workload on the Firewalla Gold by having high-bandwidth traffic like Netflix or YouTube bypassed in SSL inspection.

  • Firewalla

    We do not do SSL proxy ... or SSL man-in-the-middle.

    This is something that probably only makes sense to be done in an enterprise, where the boss can add a cert to your device and then another one in the bigger firewalls; this way, the bigger firewall can unwrap the HTTPS sessions.

    None of the Firewalla products does this type of inspection. We feel it is just dangerous to mess around with encryption, and it is more dangerous if there are no Information Security people around managing ...

  • Mark van der wal

    Thank you for the quick response. I'm looking forward to receiving the Firewalla Gold!

  • Dmytro Kovalskyy

    So how then can one block sites like Netflix?

  • Daniel Megson

    I've noticed since installing my Firewalla Gold to my home network, Microsoft Teams calls have become incredibly unstable (to the point where I have turned off all features of the Firewalla Gold - restoring the stable experience in Teams).

    Any thoughts around this?

  • Firewalla

    What is the mode you are running the Gold in? 

    What do you mean by unstable?

    Usually the problems of this class (based on what you said):

    1. Compatibility issue (if you are running in simple mode)

    2. Rules that may be blocking ... you can check by visiting the rules button

  • Daniel Megson

    Unfortunately I'm in simple mode at the moment... Waiting for a new hot-spot to be delivered. Once it's installed I'll update accordingly.

    I think that either the Ad Block or the DNS over HTTPS settings were the issue (as turning these off for the device fixed the issue).

  • Firewalla

    Okay, good to know. Likely ad blocking ...
