Individual URL bypass for HTTPS website in blocked content-filter category, transparent deployment with SSL interception
You need to allow access to a specific HTTPS website, which belongs to a URL category that's blocked using content-filtering in your policy, and your ProxySG is deployed in inline transparent mode with SSL interception enabled.
Step 1: Configure the HTTPS proxy-service as depicted below:
The main point to note here is that detect protocol is enabled, which is not the default for a TCP Tunnel service.
Step 2. Add a rule in Web-Access layer for the website to be bypassed:
The main point to note here is that the combined-source object for the website must include both its hostname and its IP address, as resolved from the client network that will be attempting to browse the website. In the depicted example, https://www.mozilla.org resolved to 22.214.171.124 on the test network.
Step 3. Add an SSL Interception layer:
Step 4. Block the URL category in an SSL Access layer:
Here, a server certificate category object has been added, for the content-filter category which the bypassed website belongs to (but which will otherwise be blocked).
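Because the Step 2 object depends on the IP address the client network resolves for the site, the rule stops matching when that address changes. The following check is an added example, not part of the original article or of ProxySG itself: it compares the addresses entered in the bypass object with what the hostname resolves to now. The function names are hypothetical, the sample addresses are constructed from documentation ranges, and the script is assumed to run on a host in the client network.

```python
import ipaddress
import socket


def resolve_from_client(hostname, port=443):
    """Resolve hostname with the local resolver (run on the client network)."""
    infos = socket.getaddrinfo(hostname, port, proto=socket.IPPROTO_TCP)
    return {info[4][0] for info in infos}


def bypass_drift(hostname, configured_ips, resolver=resolve_from_client):
    """Compare the IPs in the bypass object with the current resolution.

    missing: resolved now but absent from the object, so the bypass rule
             will not match connections to these addresses.
    stale:   present in the object but no longer resolved for the hostname;
             candidates for removal from the object.
    """
    configured = {ipaddress.ip_address(ip) for ip in configured_ips}
    resolved = {ipaddress.ip_address(ip) for ip in resolver(hostname)}
    return {
        "hostname": hostname,
        "missing": sorted(str(ip) for ip in resolved - configured),
        "stale": sorted(str(ip) for ip in configured - resolved),
        "in_sync": configured == resolved,
    }


if __name__ == "__main__":
    # Constructed sample data so the demo runs offline: the object still
    # lists 203.0.113.5, but the site now resolves to two other addresses.
    def sample_resolver(_hostname):
        return {"192.0.2.10", "198.51.100.7"}

    report = bypass_drift(
        "www.example.org", ["192.0.2.10", "203.0.113.5"], sample_resolver
    )
    for key, value in report.items():
        print(f"{key}: {value}")
```

Calling `bypass_drift()` without the `resolver` argument performs a live lookup, which is what a scheduled check on the client network would use.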