Menu

Join the Conversation

To sign in, use your existing MySonicWall account. To create a free MySonicWall account click "Register".

Sign In Register

DPI-SSL & CFS (URI blok (domain)) Strange behavior What am I doing wrong.

ChusitoChusito Newbie ✭
edited February 20 in Firewall Security Services

Hello,
I have a situation I want to tell you about.
Version 7.1.3 (latest)
I have tested cleanly on a TZ470
Wan -Lan and DPI-SSL + CFS (Uri List) (Lab environment)
The test is, I want to block a Domain, my tests were “wetransfer.com”.
WITHOUT DPI-SSL the CFS blocks, certainly the access to the web.
(CFS -HTTPs enabled)
Now I prepare the DPI-SSL and install the certificate, and I make that in the categories of the CFS FOR DPI-SSL I do not inspect for category 77,(Online Personal Storage)
In this case, with this category excluded from the inspecion, YES you can access to this web.
The question is: The CFS with its blocking part (“BlakList”) of domain, is NOT taken into account when the DPI-SSL, works?
The logic would say that if I tell the CFS through the option to block domains, keywords, or URIS, it is still taken into account when the DPI-SSL has that domain (by category) without inspection.
This that I raise, is strange, it does not have logic, or that procedure will have to do, so that what I want to do, the firewall, does it.
Suppose I want Wetransfer.com to be blocked, BUT I do NOT want Google Drive, or DropBox, or any other to be blocked.

Can any of you confirm this behavior, or am I necessarily configuring something wrong.

Category: Firewall Security Services
Reply
Sign In or Register to comment.