There is a scenario where
Block Categories in the
G4 policy row overrides all
Allow rules above the list. This occurs only when the
SSL Interception is set as
Disable and the site is HTTPS; HTTP sites are not blocked.
The ThreatPulse policy is not able to determine category by its URL because with HTTPS/SSL the URL is known only after the SSL handshake.
For security reasons, this is the expected behavior.
#1 Enable SSL Interception.
Services > Network > SSL > Enable
Note: Clients must install the Entrust Root certificate to be trusted and avoid the warning prompt.
#2 Remove the category from the
Block Categories rule and create another rule specifically to block this categories below the
Allow rule for specific clients or destinations.
Note: This additional rule is different from
G4 defaults to
Imported Document ID: 000022799
Subscribing will provide email updates when this Article is updated. Login is required.