Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
andy_currigan
Contributor

SSL protocol in application control rules

we have a strange behaviour with ssl protocol and application control.

customer notify us that some sites that should be blocked by the application control were accessible (like facebook)

rules are configured in whitelist mode (allowing specific categories and applications and a block all rule a the bottom)

after investigating we notice that there was an application control rule that enabled https to internet that allow facebook and many other sites, once disabled that rule all these sites were correctly blocked by the application control rules but we got also lot's of traffic blocked as "SSL protocol" and we needed to recover the rule.

how can we enable ssl protocol and block these sites at the same time?

one solution would be to change the policies to a blacklist mode but the customer want to keep the rules in whitelist mode.

thanks

 

 

2 Replies
PhoneBoy
Admin
Admin

SSL protocol is a fairly generic application signature, matching all HTTPS traffic.
This could include uncategorized websites, which may not be what you want to allow.
Your best bet is to whitelist the specific SSL traffic you wish to allow by source/destination or create some sort of signature for the traffic you wish to allow.
rloureiro
Explorer

Hi all,

When access to a permitted website is blocked, if we open it with Internet Explorer we can access it and once we have accessed it from Internet Explorer we can access it from the rest of the browsers.

This is a very strange behaviour. Maybe it is necessary to allow the ssl_v2 and v3 service?

Thank you.

Regards.

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

Upcoming Events

    CheckMates Events