Good Day Guys and Gals
I need ideas on the following issue please! I have a block on all Social networking sites for the company. The Policy works great when the user tries to access http://plus.google.com, but when they use SSL (https://plus.google.com) the user gains full access to the site. Same goes for all other Social networking sites! How do we stop them on SSL?
Thanx in advance!
You could also block these using the URL filtering feature. URL filtering will work on encrypted or unencrypted traffic because it is making the allow/block decision using the unencrypted URL information.
Good Morning Bpappas
Thank you for your reply!
I am actualy using the URL filtering feature, Policy with application filtering and plus.google url in custom deny list, but still it bypasses the PA......
Any other ideas?
The problem with URL filtering and HTTPS traffic is that with HTTPS you cannot actually see the GET message which URL filtering normally looks at because it is encrypted. So URL filtering can only apply to the URL in the certificate. If that certificate does not have "plus.google.com" then URL filtering will not work on that. It seems https://plus.google.com certificate was issued to "*.google.com". You can see a server certificate in IE by going to File > Properties and then click on Certificates button.
Likely the only way you will be able to reliably identify social media sites would be to use SSL proxy decryption as others have suggested.
That is not the case for me, it does block it in chrome but not in IE or Fx? I've also added a url filter but that didnt work iether for google+ Im still testing but I ahve to ahve this closed by the end of the week. I may have to open a case for the Palo techs to help me out on this.
Im nervous to turn on SSL Decryption. Is it reliable ? Do I have to turn it on for all SSL traffic ? I just want the URL information.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the Live Community as a whole!
The Live Community thanks you for your participation!