Virtual Secure Web Gateway

 View Only
  • 1.  Blocking HTTPS access for facebook

    Posted Jan 29, 2013 11:07 PM

    Very much aware of this KB from Symantec:

    http://www.symantec.com/business/support/index?page=content&id=TECH98131

    But is it possible to block any website even if it is accessed using HTTPS and SWG is inline mode?

    As far as we know, other products seem to work on this one.

    Any ideas to have a solution for this? Very appreciated if there will be just one.

     

    Thanks.



  • 2.  RE: Blocking HTTPS access for facebook

    Posted Jan 30, 2013 09:52 AM

    It is not possible to selectivly block https in inline or span/tap mode with the SWG, proxy mode was added to deal with https inspection.

    You may be able to use your internal DNS server to redirect domains wish to block entirely.



  • 3.  RE: Blocking HTTPS access for facebook

    Posted Jan 30, 2013 11:57 AM

    As per your link and the article below, it may be possible if you use an external proxy and place the SWG inline between the proxy and the endpoints:

    http://www.symantec.com/docs/TECH178689



  • 4.  RE: Blocking HTTPS access for facebook

    Posted Jan 30, 2013 07:28 PM

    Noted on your comments.

    My current worries is that the secured website for Facebook is allowed to be accessed once SWG is in inline mode.

    I tried before to include facebook.com within the blacklist. But nothing happened. I could still access their https site.

    By the way, the setup is currently Inline + Proxy.

    Hope you could help me a lot on this.

    Thanks.



  • 5.  RE: Blocking HTTPS access for facebook
    Best Answer

    Posted Jan 31, 2013 03:57 AM

    If you have the SWG in Inline+Proxy mode, then the most effective way you can block https access to facebook is to configure all your user endpoints to use the SWG as their proxy.  If you combine this with firewall rules to restrict web traffic from the user subnets, forcing them to go via the SWG proxy for web access, and you should be away.

    Is there any reason why you're focussing upon the Inline traffic?



  • 6.  RE: Blocking HTTPS access for facebook

    Posted Feb 21, 2013 09:14 AM

    I would like to request an enhancement to the Web Gateway.  As mentioned earlier, other products can block HTTPS via inline or span/tap mode. 

    In larger organizations, using a proxy server is complicated and cumbursome.  Espcially when there are other products that have this feature already.

    What would it take to have this added?  The Web Gateway just needs to block HTTPS via a DNS lookup, it does not need to inspect the secure traffic.



  • 7.  RE: Blocking HTTPS access for facebook

    Posted Mar 06, 2013 08:37 AM

    as per client's setup (which is a school). it was set as inline+proxy because they would want also to give internet access to their students who use their devices. also, they wanted their employees to be restricted from accessing some websites. but either way, they still wanted some sites to be restricted from being accessed.



  • 8.  RE: Blocking HTTPS access for facebook

    Posted Apr 29, 2013 08:13 PM

    very much noted. looks like they need to use proxy to block https.

    very thanks for the help.