Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
ak463
Explorer

CP VSX 26000 series: FW policy not blocking restricted websites

Hi, 

I am working on an issue. The CP VSX version 26k series have policy (fw rule) to block the adult contents. We have the rule in place, however still the adult category websites are accessible. 

For Testing; we applied the same rule in the CP Quantum mid range fw, it works perfectly (policy block the adult contents).

I am a newbie and learner. Please help or point me to reference document to correct the issue. thanks in advance. 

 

Best Regards

0 Kudos
4 Replies
_Val_
Admin
Admin

In your tests, was it also VSX or a physical GW? What version of software on both? Is HTTPSi enabled on both? Please provide more details.

0 Kudos
PhoneBoy
Admin
Admin

Absent further details (versions/JHF level of the VSX gateway versus the "Quantum Mid Range FW" gateway), I suspect the issue will be solved on VSX by upgrading to a more recent release.
Determining what website you are accessing without full HTTPS Inspection requires parsing SNI...and more importantly, verifying the SNI is correct (i.e. you're accessing the website SNI claims to be accessing).
This wasn't added "out of the box" with Categorize HTTPS Sites enabled until R80.40.

the_rock
Legend
Legend

Hey @ak463 . In the spirit of the community, we always appreciate when people provide as many details as possible, so we can all work as a team and help you solve the issue.

If you could provide us with a screenshot of the rule and any relevant logs, that would be good start (please blur out any sensitive info).

Cheers mate.

Andy

ak463
Explorer

Hi apology for being absent.

There is a rule overlapping and allowing everything to access across all network. TAG team found it with some scripts and issue has been resolved. Customer is happy now.

Thank you all. 

With Best Regards

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

Upcoming Events

    CheckMates Events