Test Policy Web Pages

Question

Does this website not work anymore with XG? 
 https://sophostest.com/index.html 
 Running a policy test against just the web policy seems to show the correct result... 
 
 But this test fails, and even classifies the address incorrectly... 
 
 Going to these pages in a web browser doesn't seem to trigger the web filtering on the FW rule either. But, going to some websites that I know will trigger the web filtering do seem to work as expected. 
 Thanks, Gary

Michael Dunn · Accepted Answer

Not that is "doesn't bother" but that it cannot. A secure SSL/TLS connection is made to the domain, with the SNI in connection identifying the name of the server. Once the encrypted tunnel is established a GET request containing the path is made. But if the XG is not decrypting, it does not see the request with path.

When you test "Web Policy Only" it does not know if you are decrypting or not, it assumes you are. When you test with firewall rules and TLS rules, then it can apply the correct decryption decision.

Gary Parr · Answer

Ah, never mind. I had removed the SSL decryption for some other testing. Hitting the site with http worked and the individual category pages tripped the filter. I'm guessing without SSL decryption, filtering doesn't bother to look past the root domain?

Test Policy Web Pages

Top Replies