Security Policy filtering HTTP/S traffic over all ports

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Security Policy filtering HTTP/S traffic over all ports

L0 Member

Hi!

Has anybody made a rule that filters the traffic by HTTP/S protocol no matter what the port is?

what I mean is for the FW to detect a client trying to access https://randomwebsite:X where X can be any port from 1-65535

running ver 9.1.8 

2 REPLIES 2

L4 Transporter

Hello @RSennin 

You could use a url-category object (Objects --> Custom Object --> URL Category). Custom url categories do not require a URL filter license.

If you also have SSL decryption in place, you should be able to identify (and react accordingly) this access.

Cyber Elite
Cyber Elite

@RSennin,

Due to the way that you would have to build such a rule out, I really wouldn't recommend doing anything like this unless you can be more restrictive. If you just built out a rule that allows ssl and web-browsing to any service with a url-category specified as @JoergSchuetter mentioned that would "work", but to have that rule function the firewall needs to allow enough traffic to pass to identify the application and the URL which means you're allowing far more traffic than you would really want to be. 

If you absolutely have to do this narrow it down as much as possible so that you're filtering by destination address, even if you just have to build out an FQDN address object for the website and use that. 

  • 2077 Views
  • 2 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!