Solved

Sonicwall HTTPS filtering

Posted on 2014-03-06
4
438 Views
Last Modified: 2014-03-06
I recently acquired a sonicwall 250 NSA with most licenses but the DPI-SSL (at the time I did not know the impact this license had) and  I came across a problem when filtering content to my users.. well https is not filtered at all... and lots of sites use https. So I tried to create a firewall rule that would deny https to some users but, as it turns out . you cant do this so... does anyone know a workaround or a method to if possible filter https (yes I tried the Enable HTTPS Content Filtering checkmark)  and if not possible to deny traffic to some users at the https service and allow others...

Thanks!
0
Comment
Question by:xqualo
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
  • 2
4 Comments
 
LVL 20

Expert Comment

by:carlmd
ID: 39909491
0
 

Author Comment

by:xqualo
ID: 39909617
Looks good however I'm looking to deny all https access to some users not to a special website.  the other 3 links are about how to use a blacklist and DPI-SSL license.. it does help but it doesnt solve the problem as a whole :)  Thanks!
0
 
LVL 20

Accepted Solution

by:
carlmd earned 500 total points
ID: 39909680
You should be able to do that by setting up a firewall rule. Depending upon which list is larger, the ones you want to block, or the ones you want to allow, would determine the best way to go. For example, assume you want to block 3 pc's (by ip or mac address), first define each one as an Address Object, then add all three to a Group. Now create a rule for the LAN to WAN zone that blocks are traffic on port 443 for the specific group. Make sure this rule is above (higher priority) then the permit all (any any) rule. That should do it.

If you need instructions to do this please advise.
0
 

Author Closing Comment

by:xqualo
ID: 39909779
Thanks!
0

Featured Post

Free Tool: Site Down Detector

Helpful to verify reports of your own downtime, or to double check a downed website you are trying to access.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Cisco ASA 5516-X Configuration 4 159
ASA 5510 PAT question 1 31
How to safely test out TFTP server software 12 116
SSL-VPN 1 47
I recently had the displeasure of buying a new firewall at one of the buildings I play Sys Admin at. I had to get a better firewall than the cheap one that I had there since I was reconnecting the main office to the satellite office via point-to-poi…
Optimal Xbox 360 connectivity requires "OPEN NAT". If you use Juniper Netscreen or SSG firewall products in a home setting, the following steps will allow you get rid of the dreaded warning screen below and achieve the best online gaming environment…
Nobody understands Phishing better than an anti-spam company. That’s why we are providing Phishing Awareness Training to our customers. According to a report by Verizon, only 3% of targeted users report malicious emails to management. With compan…
With Secure Portal Encryption, the recipient is sent a link to their email address directing them to the email laundry delivery page. From there, the recipient will be required to enter a user name and password to enter the page. Once the recipient …

756 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question