I have a question regarding the URL-Filter-Blade, in the following configuration:
- SMS R80.10, latest Hotfix
- FW-GW: VSX-System, R80.10, latest Hotfix
- URL-Filter-Blade in non-transparent-mode (Clients have configured the FW as explicit proxy)
- NO HTTPS-Interception is configured
- cat. HTTPS-Sizes is enabled
Regarding this, I have some questions:
- Is it correct, that the FW does not use the CN for the cat. of HTTPS-Sites, when I use the FW as a explicit proxy?
- In this configuration, is it true, that the block-page for not allowed HTTPS-Sites will not be opened by the client's browser (same as in transparent-mode)? So there is no other way, to use HTTPS-Interception, irrespective which proxy-mode i use, that the clients can open/see the block-page?
- What would you guys suggest, should I use the FW as a transparent URL-Filter or do I have less problems, if I am using the FW as explicit proxy (maybe in combination with HTTPS-Interception)? Performance should not be a problem, because we have a 23500er VSX-Cluster with about 65 GB of RAM and we are talking about 250 Users/Clients.