For example, www.unrealengine.com. The URL part does not block the URI part either, only if you add it as a domain (without the URI part), it blocks effectively.
it could be anything related to https decrypt SSL needed?
Yes, this is related to SSL decryption. The firewall can see HTTPS the connection from client to server and detect the server address via certificate CN or SNI values and these do not yet contain the URI part. A few packets later, when TLS session is set up the GET request will be sent with the URI - and this you'll only be able to see if you do decryption.
Hope this helps,
Hi @BigPalo ,
What @ShaiW explained is correct, but it is only one part of your problem. I would say the main reason for your issues is how you have defined the URL in the EDL.
Lets break into to pieces:
- Your EDL contain only the domain "unrealengine.com", but this way any sub-domain will not match - this is not specific for PAN FWs, this is how domain and sub-domains works. If you want to block/allow URLs for the domain and any sub-domain you need to have two entries - "unrealengine.com" and "*.unrealengine.com"
- As @ShaiW already explained, if you don't perform SSL decryption firewall actually will never see the full URL. So the URL filtering feature will use the SSL certificate to determine which URL you are trying to reach. And because the SSL contain only the hostname (not the full URL), you can only filter based on domains and sub-domains. So you can still apply URL filtering, but without the complete control of the URI
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!