Management Center and Reporting

 View Only
  • 1.  Logs when downloading files - Reporter/ProxySG

    Posted Apr 02, 2020 12:52 PM
    Hi all, 

    I'm working with a customer on trying to show de benefics of enable SSL Interception during 2020, and this customer is searching for this benefics in the logs, and not in the behavior of the Proxy, so here is my question. 

    What can I expect as log or information in the Reporter from a downloaded file? I mean, An user access to a HTTPS site and download a file, SSL Interception rules to use a Self Signed Certificate and the Certificate exported in the local machine, accepted in all the policy evaluation process for the Proxy, the user receive the File, what i will see in the logs and in the Reporter? 

    Due the coronavirus situation, I have no possibilities to work on a laboratory from home to do some testing, so I need to ask to be sure. 

    Thanks community!


  • 2.  RE: Logs when downloading files - Reporter/ProxySG

    Broadcom Employee
    Posted Apr 06, 2020 04:38 AM
    Hi Juan Manuel

    I'm not sure I've fully understood the question, but if you are trying to convince your customer of the benefits of intercepting ssl traffic then you should go no further than explain that without ssl interception you are blind to approximately 70% of your traffic, that means you can't apply granular policy to ssl traffic (just limited to what you see in the ssl handshake and that to is going away with tls 1.3 and http/2) also you can send any of this traffic to be analyzed by CAS so no av protection.

    by the way are you sending the SSL  logs to reporter?