Policy testing tool is not working correctly

Hi,

Unfortunately, the policy test tool is not working correctly.

When I enter my IP address and type in "https://www.youtube.com/" in the URL field, the following information is given:

But neither the firewall rule nor the SSL/inspection rule is correct in my case:

As you can see in the logs, my decryption rule (ID 3) is matched, not HTTP Scanning (ID 4).

Here is my ruleset for ssl inspections:

Also in the webfilter logs the rule ID 6 (HTTPS scanning) is matching for the device, not the rule with ID 3.

Maybe this error occurs because my rules depend on MAC addresses, not IP addresses, so the policy tool cannot check correctly?

 
  • If you create a (Firewall|TLS) Rule that relies on the source MAC address and then use the policy tester, that rule will never be hit. The policy tester has no way of entering a source MAC address. In effect, you cannot match a rule due to MAC unless you have a MAC input value.

    Logically makes sense, but easy to miss.  

    I don't know if there is an easy (and non-cluttered) way to say this in the policy tester.  But I agree it should at least say so in help.

     

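A simplified first-match model of the behaviour described in the reply above, as an added example that is not part of the thread and not the firewall's own code. The rule fields, the top-down first-match order, and the sample IP and MAC values are assumptions constructed for illustration; rule IDs 3 and 4 mirror the ones in the question.

```python
from dataclasses import dataclass
from typing import List, Optional, Tuple


@dataclass(frozen=True)
class Rule:
    rule_id: int
    name: str
    src_ip: Optional[str] = None   # None = any source IP
    src_mac: Optional[str] = None  # None = rule does not depend on MAC


@dataclass(frozen=True)
class Flow:
    src_ip: str
    src_mac: Optional[str] = None  # None models the tester: no MAC input field


def matches(rule: Rule, flow: Flow) -> bool:
    if rule.src_ip is not None and rule.src_ip != flow.src_ip:
        return False
    if rule.src_mac is not None:
        # A MAC criterion can only be satisfied when the input carries a MAC.
        return flow.src_mac is not None and rule.src_mac.lower() == flow.src_mac.lower()
    return True


def first_match(rules: List[Rule], flow: Flow) -> Optional[int]:
    """Assumed top-down, first-match evaluation; returns the matching rule ID."""
    return next((r.rule_id for r in rules if matches(r, flow)), None)


def untestable_rules(rules: List[Rule]) -> List[int]:
    """Rule IDs a MAC-less tester can never report as the match."""
    return [r.rule_id for r in rules if r.src_mac is not None]


def compare(rules: List[Rule], live: Flow, tester: Flow) -> Tuple[Optional[int], Optional[int]]:
    """(rule hit by real traffic, rule reported by the tester)."""
    return first_match(rules, live), first_match(rules, tester)


# Constructed sample data: a MAC-based decryption rule above a generic one.
RULES = [
    Rule(3, "Decryption (MAC-based)", src_mac="00:11:22:33:44:55"),
    Rule(4, "HTTP Scanning"),
]
LIVE = Flow("192.0.2.10", "00:11:22:33:44:55")  # real traffic carries the MAC
TESTER = Flow("192.0.2.10")                      # tester input: IP and URL only

if __name__ == "__main__":
    print("live vs tester:", compare(RULES, LIVE, TESTER))
    print("rules the tester cannot hit:", untestable_rules(RULES))
```

Running `untestable_rules` over an exported ruleset gives the list of rules whose tester result should be confirmed against the live logs instead.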