Application control blocking websites

Question

Hi, 
 
 one of our customer was trying to browse "https:// apex.irclass.org :82 " but failed. I have allowed the fqdn and found nothing wrong logs in web filtering and application control logs. When i removed the application control, start getting the traffic. 
 Anyone can guide: 
 1. How to get the logs related to this issue. 
 2. How to allow "https:// apex.irclass.org :82" in application control 
 
 Thanks in Advance

Vivek Jagad · Answer

Hello Kripasindhu Ghosh , DPI engine detects and filters HTTP and SSL/TLS traffic on any port. Where as when enabling the option "Use web proxy instead of DPI engine" under the firewall rule, then the Web proxy transparently handles traffic only on TCP ports 80 and 443 only . Alternatively you can also create an exception as suggested by rfcat_vk Under the web > exception > add: skipping the options like HTTPS decryption, HTTPS certificate validation, Malware and content scanning, Zero-day protection & Policy checks. Select the URL pattern matches and add the following regex: ^([A-Za-z0-9.-]*\.)?apex\.irclass\.org:82/

Wayne Folta · Answer

Application Control looks at things like destination ports, and port 82 is totally non-standard for HTTPS, so that's a plausible reason. (In fact, 81, 82, etc, seem to be used by some TORs, which would be suspicious.) 
 When I try going to that link, entries show up in Log Viewer > Application Filter identifying it as a TOR Proxy, which makes sense. It gives a Policy ID of 4 and App Filter Policy ID is 8, though I'm not sure what to do to locate that and turn it off in Application Filtering. 
 Worst-case, you could set up a firewall rule that has no App Filtering with destination of that particular domain, destination port 82. Make sure it's higher than the rules messing you up.

Application control blocking websites

Top Replies