c_cantoro
New Member
April 18, 2018
Question

SSL Reputable Websites and web filter conflict


When "SSL Reputable Websites" is active in "Security Profiles -> SSL/SSH Inspection", the system doesn't block some addresses (e.g. facebook.com) that are normally blocked by policy and also application.

Obviously, with "SSL Reputable Websites" disabled, the addresses are locked correctly.

Is it normal? Can "Web filter" have priority over "SSL Exemptions"?

Thanks to all.

    1 reply

    emnoc
    New Member
    April 18, 2018

    I think you're using the wrong Security Profile for attempting control of HTTPS websites. The "SSL Reputable Websites" is used to exempt sites from SSL deep inspection; it has nothing to do with URL filtering. You do this if you want to trust that site and have SSL inspection issues (so why would you need URL filtering... you just exempt it).

    Next, because we have no SSL inspection, how do you know what the customer is going to (Host: header is encrypted), and next, unless you inspect SNI, you have no means to inspect the URL. (So again, you just exempt it!)

    Your firewall is performing correctly btw ;)