topic Re: SSL protocol in application control rules in Firewall and Security Management

SSL protocol in application control rules

andy_currigan — Tue, 06 Aug 2019 15:15:27 GMT

we have a strange behaviour with ssl protocol and application control.

customer notify us that some sites that should be blocked by the application control were accessible (like facebook)

rules are configured in whitelist mode (allowing specific categories and applications and a block all rule a the bottom)

after investigating we notice that there was an application control rule that enabled https to internet that allow facebook and many other sites, once disabled that rule all these sites were correctly blocked by the application control rules but we got also lot's of traffic blocked as "SSL protocol" and we needed to recover the rule.

how can we enable ssl protocol and block these sites at the same time?

one solution would be to change the policies to a blacklist mode but the customer want to keep the rules in whitelist mode.

thanks

Re: SSL protocol in application control rules

PhoneBoy — Wed, 07 Aug 2019 02:30:23 GMT

SSL protocol is a fairly generic application signature, matching all HTTPS traffic.
This could include uncategorized websites, which may not be what you want to allow.
Your best bet is to whitelist the specific SSL traffic you wish to allow by source/destination or create some sort of signature for the traffic you wish to allow.

Re: SSL protocol in application control rules

rloureiro — Tue, 11 Aug 2020 12:37:35 GMT

Hi all,

When access to a permitted website is blocked, if we open it with Internet Explorer we can access it and once we have accessed it from Internet Explorer we can access it from the rest of the browsers.

This is a very strange behaviour. Maybe it is necessary to allow the ssl_v2 and v3 service?

Thank you.

Regards.