- Access exclusive content
- Connect with peers
- Share your expertise
- Find support resources
11-20-2015 01:30 AM - edited 11-20-2015 01:31 AM
With SSL Decryption it is recomended that Financial services & Medical category is not decrypted.
My question is how do you ensure that sites that should not be decrypted are not i.e. JP Morgan is clearly a Financial services and will not get decrypted.
But if a user were to access a very obsecure Financial Website it may be classified incorrectley as such would get decrypted, the user would not know this is happneing.
Is there any logs in the PA that one can look at get see this type of mis-clasification.
11-20-2015 06:25 AM
Short answer...No.
The only way you're gonna know is if you know the site and submit it for re-categorization.
The rationale for not intercepting finanicial is 2-fold. The first being PII reasons. The second being usually these types of sites more often than not are more prone to not working when intercepted.
If you're intercepting a site like this and users are expereincing problems you'll know and will have the chance to re-categorize it.
11-20-2015 06:48 AM
Depends also for which clients you are intercepting and for which purpose.
A more strict policy is that stuff that cannot be intercepted (or is not allowed to) will be blocked (meaning you cant visit that financial site from your workstation at work as an example).
If you must know which sites you are "bypassing" SSL-termination for and URL-category isnt enough then create a custom URL-category where you put in your "whitelisted" sites into.
Will take some time and effort but at the same time - how many financial sites (that is truly financial sites - not just forums where the topic is financial related) does your clients visit? And how many new lets say banks to there show up which you then need to whitelist?
I guess you might have some work the first few days but then it will level out...
11-20-2015 06:25 AM
Short answer...No.
The only way you're gonna know is if you know the site and submit it for re-categorization.
The rationale for not intercepting finanicial is 2-fold. The first being PII reasons. The second being usually these types of sites more often than not are more prone to not working when intercepted.
If you're intercepting a site like this and users are expereincing problems you'll know and will have the chance to re-categorize it.
11-20-2015 06:48 AM
Depends also for which clients you are intercepting and for which purpose.
A more strict policy is that stuff that cannot be intercepted (or is not allowed to) will be blocked (meaning you cant visit that financial site from your workstation at work as an example).
If you must know which sites you are "bypassing" SSL-termination for and URL-category isnt enough then create a custom URL-category where you put in your "whitelisted" sites into.
Will take some time and effort but at the same time - how many financial sites (that is truly financial sites - not just forums where the topic is financial related) does your clients visit? And how many new lets say banks to there show up which you then need to whitelist?
I guess you might have some work the first few days but then it will level out...
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!