Dear All,
Does anyone can confirm what application layer protocol TW uses for their remote service used via their native installed application on a PC.
I cant make URL, neither SNI or CN based filtering work on a firewall for its traffic when it uses its default 5839 port or 443, even if I do ssl decryption.
Does tw use http to encapsulate their payload when encryption is in place?
Only when Tcp80 is used I can see the urls and http as the last resort fallback.
My final goal would be to at least make the fw recognize and read the SNI from the tls handshake or CN from the tls cert to do a basic filter. Also I am curious what app protocol tw uses if its not http.
FYI I use paloalto fw and tried every single scenario to make this work.
thanks
