How to configure URL Filtering SSL site

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements

How to configure URL Filtering SSL site

L1 Bithead

Hi all,

 

I have a question regarding URL filtering. I set up URL filtering in Security Profiles to "Alert" for Google Tag Manager. Test and work with the browser access to "https://www.googletagmanager.com/". When I use Wireshark to capture packets, why do I see only packets ssl negotiations "clent hello",  not responsed "server hello". However, browser access to "http://www.googletagmanager.com/", that is redirected to "https://www.google.com/analytics/tag-manager/", i can see that web site. In the whitelist, "www.googletagmanager.com" is allowed. 

 

Thanks,

1 accepted solution

Accepted Solutions

make sure you set very specific filters and enable them

disable pre-parse (this is very important)

then verify global counters via a delta to verify what amount of packets you should expect, so you can decide to capture or make your filters even more specific:

 

> show counter global filter delta yes packet-filter yes
Tom Piens
PANgurus - Strata specialist; config reviews, policy optimization

View solution in original post

6 REPLIES 6

Cyber Elite
Cyber Elite

hi @fxlateengineer

 

What is your question exactly?

Tom Piens
PANgurus - Strata specialist; config reviews, policy optimization

Hi @reaper,

 

Thank you for reply.

 

Allow "www.googletagmanager.com" in URL filtering whitelist. If you connect with https, you can not connect, but you can connect by connecting with http. "www.googletagmanager.com" will be redirected to "https://www.google.com/analytics/tag-manager/". We also allow "* .google.com" by URL filtering.
Why can not connect using https, but i can connect using http. When capturing packets when connecting with https, there is no server hello response to use in SSL negotiation. It is speculated that this is the reason, but it is unknown whether URL filtering is directly related.

 

Sorry, my English is not good.

 

Regards,

hi @fxlateengineer don't worry, your english is fine!

You just had so much information i wanted to make sure I understood the question ^_^

 

Do you have SSL decryption enabled? 

 

have you seen anything beiong blocked in the logs ?

Have you tried setting up packet-diag filters on the firewall and enabled packetcaptures while tracing the global counters ?

 

Tom Piens
PANgurus - Strata specialist; config reviews, policy optimization

Hi, @reaper

 

Thank you for your kindness ^_^

 

ssl decryption is disabled. i have seen permited in the logs. i do not want to do it because the load of the device hangs up when packet capture is carried out. I'm worried.

 

Regards,

make sure you set very specific filters and enable them

disable pre-parse (this is very important)

then verify global counters via a delta to verify what amount of packets you should expect, so you can decide to capture or make your filters even more specific:

 

> show counter global filter delta yes packet-filter yes
Tom Piens
PANgurus - Strata specialist; config reviews, policy optimization

Hi @reaper,

 

Sorry for the late reply.

 

I tried enabled packetcaptures while tracing the global counters.

 

> show counter global filter delta yes packet-filter yes

 

The dropped packet can be found and resoleved.

 

thank you so much!!

  • 1 accepted solution
  • 4006 Views
  • 6 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!