Content Inpection Issues

Mark_LawrenceMark_Lawrence
in Firebox - Proxies

We have enabled Content Inspection after setting up an Active Directory CA to allow Weblocker to block some HTTPS Sites. We have so many internet users now complaining they can no longer login to certain websites or parts (e.g) of the website no longer work This even if I add website domain to the exception list Could I have setup this incorrectly or are there that many websites which do not allow Conent Inspection that turning it seems pointless?

Also I am trying to setup a webdenied HTTPS proxy rule based on an AD group webdenied. It is higher in the list but does not prevent internet access

Comments

  • Bruce_BriggsBruce_Briggs
    1. yes, there are many sites which do not work with Inspect. Some of these expect to see their own cert, not the firewall cert. I add exceptions as needed.

    Your choice is - no Inspect and the risk that that entails for your company & users, or Inspect and the need to manage the exceptions.

    1. for the webdenied HTTPS proxy, are you logging allowed traffic for this policy.
      If not, try doing this, at least for debugging. This should show that the policy is actually being used for the desired user group.
Sign In to comment.