Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1749
Views
0
Helpful
4
Replies

Ironport S160

Go to solution
yusuf habibi
Level 1
Level 1

‎01-19-2014 09:40 PM

Hi all,

i have question about ironport S160, how to blocking URL or access https://www.facebook.com

already create on custom url categories, and working for www.facebook.com or facebook.com

when I typed in the browser does not work with this https://www.facebook.com

Regards,

Habibi

Regards, Habibi
Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
donnylee
Cisco Employee
Cisco Employee

‎01-20-2014 09:45 PM

Habibi,

Are HTTPS proxy and decryption policy enabled in your policy?

Note that with HTTPS traffic, the S160 is checking the CN name of the SSL certificate on the site first.

Looking at the site, the CN used is *.facebook.com, what is the entry used in the custom URL list?

regards,

-donny

View solution in original post

0 Helpful
4 Replies 4

Go to solution
donnylee
Cisco Employee
Cisco Employee

‎01-20-2014 09:45 PM

Habibi,

Are HTTPS proxy and decryption policy enabled in your policy?

Note that with HTTPS traffic, the S160 is checking the CN name of the SSL certificate on the site first.

Looking at the site, the CN used is *.facebook.com, what is the entry used in the custom URL list?

regards,

-donny

0 Helpful

Go to solution
yusuf habibi
Level 1
Level 1
In response to donnylee

‎01-20-2014 10:06 PM

Hi Donny,

yes, HTTPS & Decrypt policy has been enable

im trying to input the expression : *.facebook.com is not a valid entry on custom URL

but I have found a document in the IronPort custhelp "how to block access to youtube via HTTPS"

and following the steps in the document, and it works now, but I am having problems with the enable social network allows other sites like twitter, instagram has block also

ty for your response

Regards,

Habibi

Regards, Habibi
0 Helpful

Go to solution
donnylee
Cisco Employee
Cisco Employee
In response to yusuf habibi

‎01-21-2014 03:07 PM

Hi Habibi,

The entry in custom URL should be .facebook.com since * (asterisk) is not a valid entry in the site section, but it is acceptable in the regular expression section.

I believe you are trying to block all social networking category, but only allowing twitter and instagram. If this is the case, you need to create a new custom URL list with CN for twitter and instagram and apply it to the decryption policy with permission to monitor or pass through.

Hope this helps.

Thanks,

Donny

0 Helpful

Go to solution
yusuf habibi
Level 1
Level 1
In response to donnylee

‎01-21-2014 06:19 PM

Hi Donny,

*.facebook.com is not acceptable on regular expression section..hehehe

but my problem is solved, after create rule on identities, decrypt policy & access policy on group

Thanks for reply Donny

Regards,

Habibi

Regards, Habibi
0 Helpful
Customers Also Viewed These Support Documents