How to configure URL Filtering SSL site

Reply
L1 Bithead

How to configure URL Filtering SSL site

Hi all,

 

I have a question regarding URL filtering. I set up URL filtering in Security Profiles to "Alert" for Google Tag Manager. Test and work with the browser access to "https://www.googletagmanager.com/". When I use Wireshark to capture packets, why do I see only packets ssl negotiations "clent hello",  not responsed "server hello". However, browser access to "http://www.googletagmanager.com/", that is redirected to "https://www.google.com/analytics/tag-manager/", i can see that web site. In the whitelist, "www.googletagmanager.com" is allowed. 

 

Thanks,

Community Manager

Re: How to configure URL Filtering SSL site

hi @fxlateengineer

 

What is your question exactly?


Help the community: Like helpful comments and mark solutions
Reaper out
L1 Bithead

Re: How to configure URL Filtering SSL site

Hi @reaper,

 

Thank you for reply.

 

Allow "www.googletagmanager.com" in URL filtering whitelist. If you connect with https, you can not connect, but you can connect by connecting with http. "www.googletagmanager.com" will be redirected to "https://www.google.com/analytics/tag-manager/". We also allow "* .google.com" by URL filtering.
Why can not connect using https, but i can connect using http. When capturing packets when connecting with https, there is no server hello response to use in SSL negotiation. It is speculated that this is the reason, but it is unknown whether URL filtering is directly related.

 

Sorry, my English is not good.

 

Regards,

Community Manager

Re: How to configure URL Filtering SSL site

hi @fxlateengineer don't worry, your english is fine!

You just had so much information i wanted to make sure I understood the question ^_^

 

Do you have SSL decryption enabled? 

 

have you seen anything beiong blocked in the logs ?

Have you tried setting up packet-diag filters on the firewall and enabled packetcaptures while tracing the global counters ?

 


Help the community: Like helpful comments and mark solutions
Reaper out
L1 Bithead

Re: How to configure URL Filtering SSL site

Hi, @reaper

 

Thank you for your kindness ^_^

 

ssl decryption is disabled. i have seen permited in the logs. i do not want to do it because the load of the device hangs up when packet capture is carried out. I'm worried.

 

Regards,

Community Manager

Re: How to configure URL Filtering SSL site

make sure you set very specific filters and enable them

disable pre-parse (this is very important)

then verify global counters via a delta to verify what amount of packets you should expect, so you can decide to capture or make your filters even more specific:

 

> show counter global filter delta yes packet-filter yes

Help the community: Like helpful comments and mark solutions
Reaper out
L1 Bithead

Re: How to configure URL Filtering SSL site

Hi @reaper,

 

Sorry for the late reply.

 

I tried enabled packetcaptures while tracing the global counters.

 

> show counter global filter delta yes packet-filter yes

 

The dropped packet can be found and resoleved.

 

thank you so much!!

Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the Live Community as a whole!

The Live Community thanks you for your participation!