disable packet inspection and TLS inspection

Follow

Kai Zimmer

• October 19, 2020 15:09

Hi,
is it possible to disable packet inspection and TLS inspection in Sensei for OPNSense for data security reasons (not allowed here)? If so, which functions of the 'Security'/'App Controls'/'Web Controls' pages will still remain/work under these circumstances?
Best regards,
Kai

0

• Official comment

  

  Matt

  • October 19, 2020 17:38
  • Edited

  Hi Kai,

  Thanks for reaching our and for your interest. 

  I am guessing you referring to "Full TLS Inspection".

  If so, Full TLS inspection is not available at all for Free, Home and SOHO. For Premium it'll be enabled in the future. 

  So by default, you don't need to disable anything since it'not active. 

  Comment actions Permalink
• 

  Kai Zimmer

  • October 20, 2020 08:03

  Hi Matt,
  
  thanks for your fast answer. Yes, 'TLS Inspection' is one thing i'm not allowed to do, but also 'packet inspection' is not allowed for legal/data security concerns in my country. Can that be disabled, too? Otherwise i just may not use the Sensei plugin at all.

  0

  Comment actions Permalink
• 

  Matt

  • October 20, 2020 15:51
  • Edited

  Hi Kai,

  My pleasure. Actually, the core technology that the product uses is a novel packet inspection engine. 

  Having said that, "packet inspection" is what lies beneath all the new "next-generation" network security solutions. All modern firewalls, Intrusion Detection/Prevention Systems (e.g. Suricata), Secure Web Gateways, etc all employ packet inspection, and it is not possible to disable it at all since every single security detection/prevention functionality is based on this core technology. 

  To our experience, regulations rightfully regulate the way you employ this technology; so I'd strongly suggest that you consult a legal advisor to fully understand your local legal context. 

  0

  Comment actions Permalink

Please sign in to leave a comment.