11-20-2025 12:00 PM
Hey,
I have a need to block all internet traffic at a specific site.
I have created specific policies to allow needed services,
and at the bottom of the policy, I have added a drop all.
I have created a URL category for *.net.anydesk.com
and allowed the ports according to this URL
https://support.anydesk.com/docs/firewall
but traffic from clients using Anydesk gets the drop policy.
I understand that it is something related to the fact that the header do not have the SNI. as the traffic is incripted by anydesk client.
But if I want to allow the trafic using application ID, it allows 443 and that will allow user to go on the WEB with 443 and I cannot allow it.
Will appriciate any help or ways to aproach this.
Thanks.
11-25-2025 06:31 AM
If you look at the traffic from a test client with a URL profile that is set to 'alert' on every category, what does the traffic actually look like? Do you anything from a URL standpoint which is possibly just not matching your custom category, or does it simply not log anything at all?
You used to be able to decrypt this traffic as long as you trusted the Anydesk self-signed certificate that it uses, but that has maybe changed. You also previously needed to have anydesk.com/, *.anydesk.com/, *.net.anydesk.com/, and net.anydesk.com/ for this to filter properly. Again, that could have changed as it's a couple years out of date at this point.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
