Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
Carlos_Machado1
Participant

Unable to access a bank's site even though it's allowed by a rule

Hi, community!

I'm having troubles accessing banks and finance sites even though they are allowed by the proper rule. The Finance category is allowed as part of a group of categories called "level 2 categories":

But when I go to a banking site, such as grupobancolombia.com the connection is blocked. According to our logs, the firewall is blocking some sites associated to the bank's site, but it's not showing me any categories associated to them:

If I allow everything through the rule, all sites open correctly.

Any thoughts?

I'm running R80.10.

Thanks.

0 Kudos
4 Replies
Ofir_Shikolski
Employee Alumnus
Employee Alumnus

It seems that Website is SSL(HTTPS) and SSL(HTTPS) inspection not enabled

0 Kudos
Carlos_Machado1
Participant

But shouldn't URL categorization work even without SSL Inspection activated if I choose to "categorize HTTPS sites"?

0 Kudos
PhoneBoy
Admin
Admin

The categorization in this case will depend on what the DN of the TLS certificate is, which may be different than the URL typed in the browser.

0 Kudos
Hugo_vd_Kooij
Advisor

The Subject of a certificate can be anything if you have match on the Subject Alternative Names as those are preferred over the Subject of the certificate.

At this moment I think that without SSL intercept you may run into problems.

There is still a lot of debate about all of this. Chrome seesm to ignore the subject and only relies on Subject Alternative Name.

By now that term seems to be misleading as it seems to be more of a Subject Name List.

<< We make miracles happen while you wait. The impossible jobs take just a wee bit longer. >>

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

Upcoming Events

    CheckMates Events