03-27-2013 05:20 PM
Hi All
I am trying to get customer URL filtering working and it's not making much sense to me.
What I need to do is protect the Exchange server by allowing only connections to OWA and not ECP etc.
I've created a Customer URL Category called 'OWA Sites' and listed the following as sites (note there are no external URLs to go off as the external URL is currently pointing at an ISA server):
www.xxx.yyy.zzz/owa
server.mydomain.co.nz/owa
I've then created another Custom URL Category called 'OWA Sites Blocked' and listed the following sites:
www.xxx.yyy.zzz/ecp
server.mydomain.co.nz/ecp
I've then setup a URL Filtering Profile and selected 'allow' next to 'OWA Sites' and 'block' next to 'OWA Sites Blocked'
Finaly a rule was setup to allow the appropriate traffic to the exchange server and the new filtering profile was selected in Profile Settings section.
Now if I goto the site www.xxx.yyy.zzz/owa I get a security certificate error (understandable) and then get prompted to login - as planned.
If I go to the site www.xxx.yyy.zzz/ecp I get the certificate error and then can log in to the ECP site. Surely the filtering profile should have blocked the site?
I've then gone and set the profile type to 'none' and then used the URL filter within the services/URL category tab of the rule to see if I can control it that way but no, I can't get onto either site now.
Anyone got any ideas on what I'm doing wrong?
How are you controlling the access to the Exchange sites?
We're using 5.0.3.
Cheers
Alan
03-28-2013 10:41 AM
Do both the sites:
/ecp &/owa use the same certificate?
If you try to access a website over SSL, then firewall pulls the CN of the certificate and tries to apply the URL filter to it since the firewall cannot look inside the SSL tunnel.
Try adding SSL decryption for traffic going to the server and see if that makes any difference?
04-01-2013 03:37 PM
Hi bulent and achitwadgi
Thanks for the replys. Sorry for not replying sooner but its been a long weekend.
Yes, I chose Outlook-web, SSL and Web-Browsing. All traffic gets seen as SSL to port 443.
I'm not using a certificate at the moment and yes the traffic gets seen going to the FQDN of the server (thanks for the info on the pulling of the CN from the cert) so I'll look at adding SSL decryption to pop open the traffic and see if that helps.
I noticed that the logs generated indicated that the URL being seen is the FQDN of the server without the '/ecp' or '/owa/' so the path seems to being dropped or ignored on the request. In my custom URL filter I include the path so when I look the logs the URL is listed as 'unknown'. When I removed the path from the URL in the custom filter it gets clasified correctly as the custom URL.
I'll continue to look at the SSL decryption and how that will help but if anyones got any ideas why the paths are being ignored I'd love to here them.
Cheers for all the support.
Alan
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
