Question
Why is HTTPS traffic blocked in transparent mode when I don't have an SSL license?
Answer
Starting with version 9.0, when in transperent mode and a service is disabled (even when it's module is not licensed) all traffic on that service port is blocked.
Of course this is not the desireable affect for customers who do not purchase the SSL scanning license.
The solution is to exclude the HTTPS port from being scanned, via the new config_excludes command (avilable since 9.0-M02 and 9.2 onwards).
Run the config_excludes limited shell command, and answer 'y' to change the configuration.
Choose to Add an exclude settings (2).
Leave the Source IP blank, and press Enter.
Leave the Destination IP blank and press Enter.
Enter 433 in the Destination Port.
Chooce to Save the exclude settings (1).
That's it, you're done.
Software Version
9.0-GA
9.0-M02
9.2.0 onwards
- This article applies to:
- NG 1000
- NG 5000
- NG 6000
- NG 8000
- This article was previously published as:
- Finjan KB 1858