cancel
Showing results for 
Search instead for 
Did you mean: 
Post a Question

Unable to access a bank's site even though it's allowed by a rule

Hi, community!

I'm having troubles accessing banks and finance sites even though they are allowed by the proper rule. The Finance category is allowed as part of a group of categories called "level 2 categories":

But when I go to a banking site, such as grupobancolombia.com the connection is blocked. According to our logs, the firewall is blocking some sites associated to the bank's site, but it's not showing me any categories associated to them:

If I allow everything through the rule, all sites open correctly.

Any thoughts?

I'm running R80.10.

Thanks.

0 Kudos
4 Replies
Employee+
Employee+

Re: Unable to access a bank's site even though it's allowed by a rule

It seems that Website is SSL(HTTPS) and SSL(HTTPS) inspection not enabled

0 Kudos

Re: Unable to access a bank's site even though it's allowed by a rule

But shouldn't URL categorization work even without SSL Inspection activated if I choose to "categorize HTTPS sites"?

0 Kudos
Admin
Admin

Re: Unable to access a bank's site even though it's allowed by a rule

The categorization in this case will depend on what the DN of the TLS certificate is, which may be different than the URL typed in the browser.

0 Kudos

Re: Unable to access a bank's site even though it's allowed by a rule

The Subject of a certificate can be anything if you have match on the Subject Alternative Names as those are preferred over the Subject of the certificate.

At this moment I think that without SSL intercept you may run into problems.

There is still a lot of debate about all of this. Chrome seesm to ignore the subject and only relies on Subject Alternative Name.

By now that term seems to be misleading as it seems to be more of a Subject Name List.