- CheckMates
- :
- Products
- :
- Quantum
- :
- Security Gateways
- :
- Re: Traffic Control
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Mute
- Printer Friendly Page
Are you a member of CheckMates?
×- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Traffic Control
Hi,
We have a VSX environment with various VS, two of them are controlling traffic, but just one has HTTPS Inspection enabled, the other one is only using categorization, in order to work with HTTPS Inspection, we uncheck the option "Categorize HTTPS websites", but the VS without HTTPS Inspection is not enforcing rules because can not categorize that traffic.
I need to know how does that option works, is there a way to only activate Categorization for the VS that does not have HTTPS Inspection? Does the platform have trouble having both enabled? if so, how can I control this traffic without using https inspection and the option "Categorize HTTPS websites" disabled?
Thanks.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
This should be possible in R80.20 per sk108202 i.e. HTTPSi + Categorise HTTPS websites
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
In order for Application Control and URL Filtering to work best, it is better to have HTTPS Inspection enabled. I think it's better to do the Application Control + URL Filtering on the perimeter firewall w/ outbound HTTPS Inspection enabled on that firewall for outbound connections.
Not sure why your topology requires 2 virtual systems to perform categorization, ideally this should only be done once on the way out to the internet. Are you able to share any more details?
Without HTTPS Inspection or HTTPS Categorization, you won't be able to use site/category in the policy for rules containing the https service. HTTPS Categorization will only categorize based on the subject common name of the trusted certificate returned by the server, so the results will be mixed when using HTTPS Categorization.
