No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>

Reminder

To have a better experience, please upgrade your IE browser.

upgrade

https or http website block via usg6300

Publication Date:  2017-09-18 Views:  376 Downloads:  13
Issue Description

costume want to block the https website but unable to block

Alarm Information

NO

Handling Process

Problem
Analysis

1.   Checked the website, it is HTTPS website.

2.  For HTTPS, firewall need to decrypt the traffic, otherwise it can’t detect the type of URL. That's why we need to configure SSL decryption and import certification to PC/Mobile.
If you don’t want to import certification into every PC/Mobile, you can block as Application.


Root Cause

USG can block HTTP website without SSL decryption. If you want to block HTTPS website, you need to configure decryption.



 



Solution

As costumer have 2600+ terminals, we suggest you to block as Application.

Refer to the following
picture, configure Porn website as Application, and “Commit
”.

2.Add UD_Porn to Block group.

3.    Block the Application in Security Policy.

process are already in attachment





 



Suggestions

For HTTPS, firewall need to decrypt the traffic, otherwise it can’t detect the type of URL. That's why we need to configure SSL decryption  and import certification to PC/Mobile.

END