11-12-2015 08:03 AM
I created a URL filter to block shareware sites; however I need to unblock one that I use. ninite.com. I have had no success getting this site to work. Adding the url ninite.com to the allow list, I am given an SSL error (enable TLS 1.0, 1.1, 1.2) which is enabled. I tried adding the IP address and that did not work. It appears the site is using a non-standard port (port 6080). So I added that port to as part of the IP address to allow. That partially got the site working but the installer still does not. The site has a SSL certificate and the certificate CN matches the URL that I added to the allow list.
Anyone willing to drill down on this issue and see what is needed to get it working? 🙂 I am guessing the installer is using a different port as well...
Thanks,
11-12-2015 11:43 AM
It appears you just need a "Shareware-Freeware Bypass" custom URL category.
Create a custom URL category naming it whatever you like set that category action to alert. Add the url to this custom category and you should have no issues.
11-12-2015 11:25 AM
I can get to the site and my logs don't show the site using port 6080. It's using the normal HTTPS port (443). We're doing SSL Interception and the site is using TLS1.2 AES_256_CBC / HMAC-SHA1
11-12-2015 11:30 AM
Did you add share-ware-and-freeware to any URL filtering? I have it under Continue, at the moment.
11-12-2015 11:38 AM
It's just an "alert" action.
Oh...port 6080 is the dump-off port Palo uses for "continue/override" actions.
11-12-2015 11:38 AM - edited 11-12-2015 11:39 AM
<duplicate post>
11-12-2015 11:43 AM
It appears you just need a "Shareware-Freeware Bypass" custom URL category.
Create a custom URL category naming it whatever you like set that category action to alert. Add the url to this custom category and you should have no issues.
11-12-2015 01:13 PM
That did the trick. Curious why a custom URL category would work differently than adding the same site to the allow site lists on the URL filter. Hmm.. It works, and that is all that matters. Thanks!
11-13-2015 05:23 AM
hrmm, not sure how exactly an "Allow List" in a URL profile would work compared to the specific URL Category, but it just seems to me that using the "Custom URL" categories would be better. They can be used in multiple places and have more controlls around them.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
