Unified Agent cannot perform SSL inspection. For this reason, it is possible in certain circumstances for a user to access a blocked web site over HTTPS.
For example, a user logs on to an allowed site via HTTPS, and then from that site clicks a link to a blocked site. Because the request for the blocked site is SSL encrypted, Unified Agent cannot detect the request and therefore does not block it.
Note: Unified Agent can read the SNI (server name indication) header — which may provide the domain of the request — and apply filters based on that information.
Two possible solutions:
Block the original site
Switch to Symantec Web Security Service (WSS) — ProxySG in the cloud — which uses SSL Visibility to decrypt requests
Subscribing will provide email updates when this Article is updated. Login is required.