Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

Ironport S160

Hi all,

i have question about ironport S160, how to blocking URL or access https://www.facebook.com

already create on custom url categories, and working for www.facebook.com or facebook.com

when I typed in the browser does not work with this https://www.facebook.com

Regards,

Habibi

Regards, Habibi
1 ACCEPTED SOLUTION

Accepted Solutions
Cisco Employee

Ironport S160

Habibi,

Are HTTPS proxy and decryption policy enabled in your policy?

Note that with HTTPS traffic, the S160 is checking the CN name of the SSL certificate on the site first.

Looking at the site, the CN used is *.facebook.com, what is the entry used in the custom URL list?

regards,

-donny

4 REPLIES
Cisco Employee

Ironport S160

Habibi,

Are HTTPS proxy and decryption policy enabled in your policy?

Note that with HTTPS traffic, the S160 is checking the CN name of the SSL certificate on the site first.

Looking at the site, the CN used is *.facebook.com, what is the entry used in the custom URL list?

regards,

-donny

New Member

Ironport S160

Hi Donny,

yes, HTTPS & Decrypt policy has been enable

im trying to input the expression : *.facebook.com is not a valid entry on custom URL

but I have found a document in the IronPort custhelp "how to block access to youtube via HTTPS"

and following the steps in the document, and it works now, but I am having problems with the enable social network allows other sites like twitter, instagram has block also

ty for your response

Regards,

Habibi

Regards, Habibi
Cisco Employee

Ironport S160

Hi Habibi,

The entry in custom URL should be .facebook.com since * (asterisk) is not a valid entry in the site section, but it is acceptable in the regular expression section.

I believe you are trying to block all social networking category, but only allowing twitter and instagram. If this is the case, you need to create a new custom URL list with CN for twitter and instagram and apply it to the decryption policy with permission to monitor or pass through.

Hope this helps.

Thanks,

Donny

New Member

Ironport S160

Hi Donny,

*.facebook.com is not acceptable on regular expression section..hehehe

but my problem is solved, after create rule on identities, decrypt policy & access policy on group

Thanks for reply Donny

Regards,

Habibi

Regards, Habibi
673
Views
0
Helpful
4
Replies