Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
Highlighted
Copper

url filtering not working on lab environment

So running a random test lab on my laptop for practise, i enabled url filtering on Gateway-2 (see my topology) and installed the policy, for some reason its not working as when i try to acces www.heineken.com (created a custom application for this as can be seen in the pics below) the link still opens with no issues (i also tried block for this link and the link still opened) , the gateways 1 and 2 are running R80.20 with the latest hotfix however the latest hotfix for both the managements (mgmt-1 and 2) which are also on R80.20 do not install and fail (take 141) which could be related to the url filtering or maybe not, i will be attaching all pics below for your reference,

by the way i have named gateway-A as policy for gateway-1 and gateway-B as policy for gateway-2, as you can see my mgmt pc has ip of 192.168.2.10 and it has to go through gateway-2 to go to the internet which is where i have enabled url filtering.

 

Capture.PNG

Capture2.PNG

Capture3.PNG

Capture4.PNG

Capture5.PNG

 

Thanks and Regards.

0 Kudos
4 Replies
Highlighted
Admin
Admin

0 Kudos
Highlighted
Copper

so i realised that https inspection has to be enabled in some form for the url filtering to work, but when i enable https inspection it doe not work at all rather the https inspection itself does not work at all, created a certificate then enabled https inspection, then i look at the default inspection rule on smartdashboard which i leave it at that, but when i browse through my mgmt pc(google.com or whatever website it is taht i type) it is supposed to show the certificate invalid message and all that stuff but the browsing is still normal (certificate is still issued by google for google.com, etc) when it should in fact show the certficate that the gateway-2 should issue and when i look at logs by typing blade:"https inspection" it only shows 2 logs which are basically me enabling https inspection on the gateway and nothing else which means https inspection is not working, only when i go to manage & settings-blades-application control & url filtering-advanced settings-then tick categorise https websites does the filtering work (but only filtering works (but actual checkpoint blocking message is not displayed only a message like "404 page not found" is displayed) and not https inspection) so yeah thats how it is.
0 Kudos
Highlighted
Admin
Admin

Please get the TAC involved to figure out why the JHF is not installing.
The improved SNI support which will help URLF work better is a good reason to do that.
0 Kudos
Highlighted
Copper

Im going to do it all over again, bought a new laptop so tried to transfer over my config but failed miserably, so will have to set up the entire topology all over again, will be tedious but have no choice😥
0 Kudos