Hello!

I have a question regarding the URL-Filter-Blade, in the following configuration:

- SMS R80.10, latest Hotfix

- FW-GW: VSX-System, R80.10, latest Hotfix

- URL-Filter-Blade in non-transparent-mode (Clients have configured the FW as explicit proxy)

- NO HTTPS-Interception is configured

- cat. HTTPS-Sizes is enabled

Regarding this, I have some questions:

- Is it correct, that the FW does not use the CN for the cat. of HTTPS-Sites, when I use the FW as a explicit proxy?

- In this configuration, is it true, that the block-page for not allowed HTTPS-Sites will not be opened by the client's browser (same as in transparent-mode)? So there is no other way, to use HTTPS-Interception, irrespective which proxy-mode i use, that the clients can open/see the block-page?

- What would you guys suggest, should I use the FW as a transparent URL-Filter or do I have less problems, if I am using the FW as explicit proxy (maybe in combination with HTTPS-Interception)? Performance should not be a problem, because we have a 23500er VSX-Cluster with about 65 GB of RAM and we are talking about 250 Users/Clients.

Best regards

Martin