05-09-2016 10:18 PM
I have a problem regarding web filtering.
I've used a firewall: ISG-1000.
I already know that the ISG-1000 does not support blocking HTTPS (443).
So I decided that I have to block URLs by configuring a white-list method, as in the picture below.
(Please concentrate on the RED square.)
I'll try to configure it like the RED square.
Please confirm whether this method will work well or not.
1. V1-Trust -> V1-Untrust : Source(SN_Network), Destination(white-list)
2. V1-Untrust -> V1-Trust : Source(white-list), Source(SN_Network)
*SN_Network : The IPs we use
*white-list : The IPs and URLs we'll block.
05-10-2016 03:33 AM
You only need the rule to be in the direction that the TCP session is initiated, number 1 in your case.
But I don't think your white list URL filter will work. My recollection is that there is no SSL decryption on this platform, so we cannot read the URL to do the match. Your only option with SSL traffic is IP address based blocking in the firewall rule destination addresses for encrypted flows.
Senior IP Engineer - DQE Communications Pittsburgh, PA (Metro Ethernet & ISP)
JNCIA-Junos JNCIS-SEC JNCIP-SEC JNCSP-SEC
JNCDA JNCDS-DC JNCDS-SEC
ACE PanOS 6 ACE PanOS 7
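
The reply's two points (policy is needed only in the direction the TCP session is initiated, and encrypted flows can only be matched on destination IP address) can be seen in a simplified model of a stateful firewall. This is an added example, not part of the thread and not ScreenOS code; the class and function names are hypothetical, the addresses are constructed from documentation ranges, and it assumes rule 1 permits SN_Network to the listed IP addresses on port 443.

```python
import ipaddress

# Constructed sample values (documentation ranges), not taken from the thread.
SN_NETWORK = ipaddress.ip_network("192.0.2.0/24")
LISTED_IPS = {ipaddress.ip_address("198.51.100.10")}

# Rule 1 only: (from zone, to zone, source network, destination IPs, port).
# There is deliberately no V1-Untrust -> V1-Trust rule.
POLICY = [("V1-Trust", "V1-Untrust", SN_NETWORK, LISTED_IPS, 443)]


class StatefulFirewall:
    """Toy model: policy is checked on the opening SYN, later packets use the session table."""

    def __init__(self, policy):
        self.policy = policy
        self.sessions = set()  # (client_ip, client_port, server_ip, server_port)

    def handle(self, from_zone, to_zone, src, sport, dst, dport, syn=False):
        src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
        # Packets of an established session pass in either direction, no policy lookup.
        if (src, sport, dst, dport) in self.sessions:
            return "forward (session, client->server)"
        if (dst, dport, src, sport) in self.sessions:
            return "forward (session, server->client)"
        if not syn:
            return "drop (no session)"
        # Opening packet: match on zones, source, destination IP and port only.
        # The URL inside HTTPS is encrypted, so it cannot be part of this match.
        for fz, tz, src_net, dst_ips, port in self.policy:
            if (from_zone, to_zone) == (fz, tz) and src in src_net \
                    and dst in dst_ips and dport == port:
                self.sessions.add((src, sport, dst, dport))
                return "permit (policy, session created)"
        return "drop (no policy)"


def demo():
    fw = StatefulFirewall(POLICY)
    t, u = "V1-Trust", "V1-Untrust"
    return [
        fw.handle(t, u, "192.0.2.25", 50000, "198.51.100.10", 443, syn=True),  # client opens
        fw.handle(u, t, "198.51.100.10", 443, "192.0.2.25", 50000),            # server reply
        fw.handle(u, t, "198.51.100.10", 443, "192.0.2.25", 3389, syn=True),   # unsolicited inbound
        fw.handle(t, u, "192.0.2.25", 50001, "203.0.113.7", 443, syn=True),    # unlisted destination
    ]


if __name__ == "__main__":
    for result in demo():
        print(result)
```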