Hello,
We have a SRX connected with Skyatp.
And my question regarding the Blacklist downloaded from Skyatp.
Does the firewill block the connection to a https server (if the IP is mentioned in the Blacklist) eventhough we didnt configure HTTPS decreption policy.(We are not allowed to decrypt SSL)
I know that in order to inspect connection to https server you need to configure application-services advanced-anti-malware
user@host# set security policies from-zone trust to-zone untrust policy firewall-policy1 match source-address any user@host# set security policies from-zone trust to-zone untrust policy firewall-policy1 match destination-address any user@host# set security policies from-zone trust to-zone untrust policy firewall-policy1 match application any user@host# set security policies from-zone trust to-zone untrust policy firewall-policy1 then permit application-services advanced-anti-malware aamwpolicy1