We are blocking a particular category of URLs (say gambling). When we access the unecrypted site it is blocked as expected. When we add https to the URL and browse we are not blocked.
I can see in the logs that access is allowed by the FW, even though it hits a rule with a URLF profile that should block the category. The category for the SSL connection is also correctly listed in the logs indicating that after decryption the site has been identified correctly by URLF.
I can confirm that the site is being decrypted because the certificate presented has been signed by the root CA configured in the SSL VPN.
Any idea's why this might be the case. Version 6.1.7.
Solved! Go to Solution.
Do you mind sharing the website you are browsing to? Or the logs of the issue? I can't say for sure what the cause of the behaviour is at the moment.
The action of a security rule will be allow, but the URL filtering log will show the block (if it is blocked). Technically the traffic was allowed, and only when everything was determined would it be blocked.
When you click the magnifying glass on that, it should have related logs which include URL filtering logs. Alternatively, you can pull up the same query in the URL filtering logs and it should show you what the verdict was.
Problem solved guys. I did a session with support. The traffic wasn't hitting the rule i suspected (i didn't review the log files thoroughly enough).
The sites were switching to SSL over port 80. This meant the URL rule that specified Application default did match the SSL traffic on port 80. I had to manually add services for 80 and 443 to the URLF rule to ensure that the site would hit the correct rule.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the Live Community as a whole!
The Live Community thanks you for your participation!