Important note about SSL VPN compatibility for 20.0 MR1 with EoL SFOS versions and UTM9 OS. Learn more in the release notes.

Test Policy Web Pages

Does this website not work anymore with XG?

Running a policy test against just the web policy seems to show the correct result...

But this test fails, and even classifies the address incorrectly...

Going to these pages in a web browser doesn't seem to trigger the web filtering on the FW rule either. But, going to some websites that I know will trigger the web filtering do seem to work as expected.


Edited TAGs
[edited by: Erick Jan at 2:26 AM (GMT -7) on 29 Mar 2024]
Parents Reply Children
  • Not that is "doesn't bother" but that it cannot.  A secure SSL/TLS connection is made to the domain, with the SNI in connection identifying the name of the server.  Once the encrypted tunnel is established a GET request containing the path is made.  But if the XG is not decrypting, it does not see the request with path.

    When you test "Web Policy Only" it does not know if you are decrypting or not, it assumes you are.  When you test with firewall rules and TLS rules, then it can apply the correct decryption decision.