08-28-2018 10:29 AM
@rjdahav163 wrote: 1. Is forward trust certificate used to read the HTTPS header?
No, as @OtakarKlier already wrote, the headers are sent in cleartext so the firewall can simply read them without any additional steps. In these headers (-> TLS handshake) the client also sends the FQDN it wants to connect to, so the firewall is able to see the URL without decrypting the traffic and apply the configured URL filtering rules.
The forward trust certificate is (in your case without TLS decryption) used to dynamically generate certificates for the domains the client tries to connect to. The firewall does this generation only for domains that are set to block/continue or for all domains where a response page is required. This generation is required to properly present the response page to the user, as the firewall cannot inject the response page into the HTTP connection without decryption, so it has to do it this way.
@rjdahav163 wrote: 2. We don't have any decryption profiles. Is any kind of decryption happening?
No, there is no decryption of actual user traffic happening.
@rjdahav163 wrote: 3. The URL Filtering works if the user is using a browser to open an application. But when the user uses an application to access a URL then the connection fails. Any ideas what could be going wrong here?
Is the application connecting to a URL that is blocked?