This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
ABOUT CHECKMATES & FAQ
Create a Post
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Help
Martin_Peinsipp
Contributor
‎2019-01-11 03:40 AM

R80.10 GW (VSX) and Non-Transparent Mode (URL-Filter-Blade)

Hello!

I have a question regarding the URL-Filter-Blade, in the following configuration:

- SMS R80.10, latest Hotfix

- FW-GW: VSX-System, R80.10, latest Hotfix

- URL-Filter-Blade in non-transparent-mode (Clients have configured the FW as explicit proxy)

- NO HTTPS-Interception is configured

- cat. HTTPS-Sizes is enabled

Regarding this, I have some questions:

- Is it correct, that the FW does not use the CN for the cat. of HTTPS-Sites, when I use the FW as a explicit proxy?

- In this configuration, is it true, that the block-page for not allowed HTTPS-Sites will not be opened by the client's browser (same as in transparent-mode)? So there is no other way, to use HTTPS-Interception, irrespective which proxy-mode i use, that the clients can open/see the block-page?

- What would you guys suggest, should I use the FW as a transparent URL-Filter or do I have less problems, if I am using the FW as explicit proxy (maybe in combination with HTTPS-Interception)? Performance should not be a problem, because we have a 23500er VSX-Cluster with about 65 GB of RAM and we are talking about 250 Users/Clients.

Best regards

Martin

1 Reply
Chris_Atkinson
Employee
Employee
‎2019-01-11 03:53 AM

Hi Martin,

I would investigate / test the UserCheck client (agent) for your scenario and for best performance avoiding explicit proxy is recommended.

0 Kudos