bpappas schrieb: @mhuels: Have you configured the CRL/OCSP options on the Device tab -> Server CRL / OCSP Settings screen? -Benjamin Hi Benjamin, up to now, we did not have configured anything in the CRL/OCSP tab. Since 5 minutes, we have enabled the checking of revocation lists via CRL and OCSP. Testing on https://22.214.171.124 , the firewall blocks the ssl traffic (the browsers shows a timeout). Although it would be nicer not to drop but to bring out a security warning or an invalid certificate, this behaviour is tolerable for us. There are not so much diginotar certificates anymore ... Thanks for your hint. Manfred
... View more
Hi, After going to version 4.3 and coincidentally changing our ISP seem to have brought on an avalanche of "not-resolved" errors. I note though that there is a mention of a 5 second response time requirement from Brightcloud before this verdict is delivered. Hmmm... I have made requests in the past to Brightcloud for URL re-categorisation and have received decent responses. However I agree that Brightcloud is not proactive ( not quick enough in this regard) in it's categorisation work. We had to send a whole list of IP addresses that microsoft (and yahoo) use to host their skydrive files so that students could download their work. I find that when MS / Yahoo add to this pool we had to keep sending these to Brightcloud. I have seen other more obvious ones not being categorised properly as well. We use custom URL categories to get over this. We have set up categories such as universal allow / deny , staff allow / deny and students allow / deny. These are then tied to policies that filter pages for these user types. Nalin.
... View more