07-15-2021 06:59 AM
Hi!
Has anybody made a rule that filters the traffic by HTTP/S protocol no matter what the port is?
What I mean is for the FW to detect a client trying to access https://randomwebsite:X, where X can be any port from 1-65535.
Running ver 9.1.8.
07-15-2021 08:31 AM
Hello @RSennin
You could use a url-category object (Objects --> Custom Object --> URL Category). Custom url categories do not require a URL filter license.
If you also have SSL decryption in place, you should be able to identify this access (and react accordingly).
07-15-2021 07:12 PM
Due to the way that you would have to build such a rule out, I really wouldn't recommend doing anything like this unless you can be more restrictive. If you just built out a rule that allows ssl and web-browsing to any service with a url-category specified, as @JoergSchuetter mentioned, that would "work", but to have that rule function, the firewall needs to allow enough traffic to pass to identify the application and the URL, which means you're allowing far more traffic than you would really want to be.
If you absolutely have to do this, narrow it down as much as possible so that you're filtering by destination address, even if you just have to build out an FQDN address object for the website and use that.
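The two rule shapes discussed in the replies above, written as PAN-OS configure-mode set commands; this is an added example, not posted by any participant in the thread. The object, rule and zone names and the hostname randomwebsite.example are constructed placeholders, a single-vsys firewall is assumed, and lines starting with # are annotations rather than commands.

```text
# Constructed objects: FQDN address object and custom URL category for the site.
set address addr-randomwebsite fqdn randomwebsite.example
set profiles custom-url-category cat-randomwebsite type "URL List"
set profiles custom-url-category cat-randomwebsite list [ randomwebsite.example ]

# Broad shape: ssl/web-browsing on any port to any destination, matched by URL category.
# The firewall must pass traffic toward every destination until App-ID and the URL are identified.
set rulebase security rules web-anyport-broad from trust to untrust source any destination any application [ ssl web-browsing ] service any category cat-randomwebsite action allow

# Narrowed shape: same applications and category, but the destination is pinned to the FQDN object,
# so the "any port" exposure applies only to that site's resolved addresses.
set rulebase security rules web-anyport-fqdn from trust to untrust source any destination addr-randomwebsite application [ ssl web-browsing ] service any category cat-randomwebsite action allow
```

Only one of the two rules would be committed; the broad one is shown for comparison with the narrowed form.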