cancel
Showing results for 
Search instead for 
Did you mean: 
Post a Question

HTTPS categorization on non-standard ports (ie not 80 or 443)

Jump to solution

Does HTTPS categorization work on non-standard ports? How does the gateway decide that it has to or can categorize a site? 

1 Solution

Accepted Solutions

Re: HTTPS categorization on non-standard ports (ie not 80 or 443)

Jump to solution

HI,

I think I may have answered my own question. I decided to RTFM (Application Control and URL Filtering Guide) and found "urlf_ssl_cn_enc_http_services_only" which is documented under fine tuning HTTPS Categorization. It's a system property that controls which ports are monitored for SSL signatures. The default value is "False" which means "The Security Gateway listens for SSL signatures on all ports". If "True" it only monitors services defined as "ENC-HTTP" in the protocol section.

0 Kudos
5 Replies
Admin
Admin

Re: HTTPS categorization on non-standard ports (ie not 80 or 443)

Jump to solution

The list of services defined under Application Control Web Browsing Services would be the safest bet.

0 Kudos

Re: HTTPS categorization on non-standard ports (ie not 80 or 443)

Jump to solution

HI,

Please excuse my newbiness but where would I find the equivalent in R77? Is it in the services listed in the HTTPS Inspection policy?

Admin
Admin

Re: HTTPS categorization on non-standard ports (ie not 80 or 443)

Jump to solution

R77.30 and earlier are not quite as flexible, but there is an option to perform HTTP Inspection on non-standard ports:

0 Kudos

Re: HTTPS categorization on non-standard ports (ie not 80 or 443)

Jump to solution

HI,

I think I may have answered my own question. I decided to RTFM (Application Control and URL Filtering Guide) and found "urlf_ssl_cn_enc_http_services_only" which is documented under fine tuning HTTPS Categorization. It's a system property that controls which ports are monitored for SSL signatures. The default value is "False" which means "The Security Gateway listens for SSL signatures on all ports". If "True" it only monitors services defined as "ENC-HTTP" in the protocol section.

0 Kudos
Admin
Admin

Re: HTTPS categorization on non-standard ports (ie not 80 or 443)

Jump to solution

Ah well there you go Smiley Happy

0 Kudos