topic Security Policy filtering HTTP/S traffic over all ports in General Topics

Security Policy filtering HTTP/S traffic over all ports

RSennin — Thu, 15 Jul 2021 13:59:09 GMT

Hi!

Has anybody made a rule that filters the traffic by HTTP/S protocol no matter what the port is?

what I mean is for the FW to detect a client trying to access https://randomwebsite:X where X can be any port from 1-65535

running ver 9.1.8

Re: Security Policy filtering HTTP/S traffic over all ports

JoergSchuetter — Thu, 15 Jul 2021 15:31:40 GMT

Hello @RSennin

You could use a url-category object (Objects --> Custom Object --> URL Category). Custom url categories do not require a URL filter license.

If you also have SSL decryption in place, you should be able to identify (and react accordingly) this access.

Re: Security Policy filtering HTTP/S traffic over all ports

BPry — Fri, 16 Jul 2021 02:12:02 GMT

@RSennin,

Due to the way that you would have to build such a rule out, I really wouldn't recommend doing anything like this unless you can be more restrictive. If you just built out a rule that allows ssl and web-browsing to any service with a url-category specified as @JoergSchuetter mentioned that would "work", but to have that rule function the firewall needs to allow enough traffic to pass to identify the application and the URL which means you're allowing far more traffic than you would really want to be.

If you absolutely have to do this narrow it down as much as possible so that you're filtering by destination address, even if you just have to build out an FQDN address object for the website and use that.