Create a Post
Showing results for 
Search instead for 
Did you mean: 

Unable to access a bank's site even though it's allowed by a rule

Hi, community!

I'm having troubles accessing banks and finance sites even though they are allowed by the proper rule. The Finance category is allowed as part of a group of categories called "level 2 categories":

But when I go to a banking site, such as the connection is blocked. According to our logs, the firewall is blocking some sites associated to the bank's site, but it's not showing me any categories associated to them:

If I allow everything through the rule, all sites open correctly.

Any thoughts?

I'm running R80.10.


0 Kudos
4 Replies
Employee Alumnus
Employee Alumnus

It seems that Website is SSL(HTTPS) and SSL(HTTPS) inspection not enabled

0 Kudos

But shouldn't URL categorization work even without SSL Inspection activated if I choose to "categorize HTTPS sites"?

0 Kudos

The categorization in this case will depend on what the DN of the TLS certificate is, which may be different than the URL typed in the browser.

0 Kudos

The Subject of a certificate can be anything if you have match on the Subject Alternative Names as those are preferred over the Subject of the certificate.

At this moment I think that without SSL intercept you may run into problems.

There is still a lot of debate about all of this. Chrome seesm to ignore the subject and only relies on Subject Alternative Name.

By now that term seems to be misleading as it seems to be more of a Subject Name List.

<< We make miracles happen while you wait. The impossible jobs take just a wee bit longer. >>


Epsum factorial non deposit quid pro quo hic escorol.

Upcoming Events

    CheckMates Events