03-24-2011 04:28 AM - edited 03-11-2019 01:12 PM
Having some problems blocking users from installing/using secure browser proxies. Currently running ASA 5520 ver. 8.3 & IPS SSM-20 7.0 (2) E4 & Websense web filtering. Able to block most proxy sites that use port 80 with Websense, but recently found that some users are using products like Njutrino that have their own secure browser, which uses its own proxy over an SSL connection.
03-24-2011 11:12 PM
Since Websense is providing web filtering, you would need to check with Websense why it is not being blocked.
My first guess: as the session is SSL encrypted, Websense will need to inspect the HTTPS packet before being able to see the clear text packet. Please check with Websense if HTTPS inspection is configured to decrypt the SSL session.
03-25-2011 05:02 AM
Websense cannot inspect an HTTPS proxy connection, plus it's impossible to block every proxy server (could be a home proxy). Any way for Cisco ASA to inspect HTTPS?
03-25-2011 02:23 PM
No, the Cisco ASA firewall also does not inspect HTTPS, because to inspect encrypted traffic you would need to be performing man-in-the-middle so you can get the HTTPS connection decrypted.
You can take a look at Cisco Ironport WSA or Cisco ScanSafe web filtering solution that does provide HTTPS inspection capabilities.
Cisco Ironport WSA (appliance):
http://www.cisco.com/en/US/prod/collateral/vpndevc/ps10142/ps10164/data_sheet_c78-586408.html
Cisco ScanSafe (cloud-based):
http://www.cisco.com/en/US/prod/collateral/vpndevc/ps10142/ps11616/DS_web_security.pdf